From 0376f09cac820cb7970be122d4a41764d855b8fb Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Fri, 10 Apr 2026 22:08:56 +0000
Subject: [PATCH] Security - Regenerate the session id on login (#7840)

---
 core/authentication/resources/classes/authentication.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/authentication/resources/classes/authentication.php b/core/authentication/resources/classes/authentication.php
index 2c64fa94e..8e70ba9d5 100644
--- a/core/authentication/resources/classes/authentication.php
+++ b/core/authentication/resources/classes/authentication.php
@@ -611,7 +611,7 @@ class authentication {
 		}
 
 		//regenerate the session on login
-		//session_regenerate_id(true);
+		session_regenerate_id(true);
 
 		//add the username to the session - username session could be set so check_auth uses an authorized session variable instead
 		$_SESSION['username'] = $_SESSION['user']["username"];