diff --git a/interface/web/login/index.php b/interface/web/login/index.php index 349f2337605b4282f98d098dd686156039b3d8ee..75a013b81123881a40d34f9a8a5a152896c0a446 100644 --- a/interface/web/login/index.php +++ b/interface/web/login/index.php @@ -216,8 +216,15 @@ if(count($_POST) > 0) { $user = $app->db->toLower($user); if ($loginAs) $oldSession = $_SESSION['s']; - // Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827 - //if (!$loginAs) session_regenerate_id(true); + + // Session regenerate causes login problems on some systems, see Issue #3827 + // Set session_regenerate_id to no in security settings, it you encounter + // this problem. + $app->uses('getconf'); + $security_config = $app->getconf->get_security_config('permissions'); + if(isset($security_config['session_regenerate_id']) && $security_config['session_regenerate_id'] == 'yes') { + if (!$loginAs) session_regenerate_id(true); + } $_SESSION = array(); if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back! $_SESSION['s']['user'] = $user; diff --git a/security/security_settings.ini b/security/security_settings.ini index d3b8d9c743393e01e831780fc66cae887372189d..5cc381e3cde02bd8da1c69e14af5d9cad9a7c8b2 100644 --- a/security/security_settings.ini +++ b/security/security_settings.ini @@ -16,6 +16,7 @@ admin_allow_software_packages=superadmin admin_allow_software_repo=superadmin remote_api_allowed=yes password_reset_allowed=yes +session_regenerate_id=yes [ids] ids_enabled=no