From 78cc43d33da80297da23beacff632a29e5be57ed Mon Sep 17 00:00:00 2001
From: Robert Elder
Date: Mon, 29 Sep 2014 22:48:52 +0000
Subject: [PATCH] Regenerate session ids.
---
 airtime_mvc/application/controllers/LoginController.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/airtime_mvc/application/controllers/LoginController.php b/airtime_mvc/application/controllers/LoginController.php
index 84af7f954..5e9b70e31 100644
--- a/airtime_mvc/application/controllers/LoginController.php
+++ b/airtime_mvc/application/controllers/LoginController.php
@@ -56,6 +56,8 @@ class LoginController extends Zend_Controller_Action
 $result = $auth->authenticate($authAdapter);
 if ($result->isValid()) {
+ // Regenerate session id on login to prevent session fixation.
+ Zend_Session::regenerateId();
 //all info about this user from the login table omit only the password
 $userInfo = $authAdapter->getResultRowObject(null, 'password');
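Review bot: The added `Zend_Session::regenerateId();` inside the `if ($result->isValid())` branch covers only this form-login path, and the patch adds no test that pins it. A functional test asserting that the session id after a successful login differs from the id presented before it would keep the fixation defence from regressing silently. In Zend Framework 1 this call throws `Zend_Session_Exception` once headers have been sent, so it has to stay ahead of any output in the action; the comment could record that, e.g. `// Regenerate session id on login to prevent session fixation; must run before any output is sent.` Any other code path that establishes an authenticated identity lies outside the hunk and presumably needs the same call, which is worth confirming. The enclosing action starts and ends outside the hunk.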