1
Bug Fixes & Patches / Re: [1.7.1] sessionid in a URL=possible login visitor with the author's user account
« on: February 20, 2006, 10:22:33 PM »
I've patched sessions.php, but sessionid still present in URL. What am i do wrong?
Code: [Select]
if (!isset($this->session_info['session_user_id'])) {
return false;
}
if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
{
session_regenerate_id();
$this->session_id = session_id();
return false;
}
thanks.