pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add session regeneration after token refresh to enhance security

Browse Source
This commit is contained in:
“VeLiTi”
2026-02-05 16:38:19 +01:00
parent d7b9b91bb6
commit 4564a4a04b
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
index.php
View File

@@ -63,6 +63,8 @@ if (!isset($_SESSION['authorization']['userkey']) ||
if (isset($responses['userkey']) && isset($responses['token_valid'])) { if (isset($responses['userkey']) && isset($responses['token_valid'])) {
// Update session with complete response (same as login.php) // Update session with complete response (same as login.php)
$_SESSION['authorization'] = $responses; $_SESSION['authorization'] = $responses;
session_regenerate_id(true); // Resets the session ID and timer to avoid user needs to relogin
} else { } else {
// Token refresh failed - redirect to login // Token refresh failed - redirect to login
session_destroy(); session_destroy();