From 62183af988c673f06cae2926218f4094d61477ba Mon Sep 17 00:00:00 2001
From: Thomas Brierley
Date: Fri, 27 Sep 2024 13:30:18 +0100
Subject: [PATCH] Refresh session lifetime (#187)

Stale session ids can cause premature session expiration after login. Regenerating the session id provides the expected session lifetime, and is also considered best practice for session management.
---
 admin/index.php | 1 +
 login.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/admin/index.php b/admin/index.php
index e562ac5967..55ecf4da6b 100644
--- admin/index.php
+++ admin/index.php
@@ -5,6 +5,7 @@ if ( ! defined('COOKIE_SESSION') ) define('COOKIE_SESSION', true);
 require_once("../config.php");
 session_start();
+session_regenerate_id(true);
 require_once("gate.php");
 if ( $REDIRECTED === true || ! isset($_SESSION["admin"]) ) return;
diff --git a/login.php b/login.php
index fdcc62db23..6943906907 100644
--- login.php
+++ login.php
@@ -25,6 +25,7 @@ function login_redirect($path=false) {
 $PDOX = LTIX::getConnection();
 session_start();
+session_regenerate_id(true);
 error_log('Session in login '.session_id());
 $oauth_consumer_key = 'google.com';
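Review bot: In admin/index.php, `session_regenerate_id(true)` runs on every request, before `gate.php` has decided whether the caller is an admin, and its return value is ignored. With the delete-old-session flag set, overlapping requests from the same browser, or a response that never reaches it, can leave the client holding an id whose session data is already gone; the PHP manual warns that this loses sessions. Rotating the id once where `$_SESSION["admin"]` is first set (presumably inside gate.php, which is not visible in this hunk) would keep the session-fixation protection without rotating on every page view. A failed rotation should fail closed, e.g. `if ( ! session_regenerate_id(true) ) { error_log('Session id rotation failed'); return; }`. The same unconditional, unchecked call is added in the login.php hunk.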
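Review bot: In login.php, the context line `error_log('Session in login '.session_id());` now runs directly after the rotation, so every request to login.php writes the freshly issued session id to the error log. A session id is a bearer credential, so anyone who can read that log or its downstream copies can use it for as long as the session is live. Drop the line, or log a non-reversible reference instead, e.g. `error_log('Session in login '.substr(hash('sha256', session_id()), 0, 12));`. The top-level script continues past the end of this hunk.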