fixes #945 - Piwik sets the session.name to 'PIWIK_SESSID'; define('PIWIK_SESSION_NAME', ...) in bootstrap.php to override; session namespaces now prefixed by Piwik_. We regenerate session ID at login/logout to mitigate session fixation attacks.

author: vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2009-09-08 21:17:56 +0400
committer: vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105> 2009-09-08 21:17:56 +0400
commit: b9c50cc7060bcfffa4775592ec3f5cd39d2c3bd9 (patch)
tree: 7bc8cdd12bf07c5306d8882751e43bfbceaa0e9c /plugins/Dashboard
parent: 588961ee011e1ded63c2d083e49bcf3fe0985ef0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/Dashboard/Controller.php b/plugins/Dashboard/Controller.php
index 6d9120bcfa..863883f6be 100644
--- a/plugins/Dashboard/Controller.php
+++ b/plugins/Dashboard/Controller.php
@@ -96,7 +96,7 @@ class Piwik_Dashboard_Controller extends Piwik_Controller
 
 		if($currentUser == 'anonymous')
 		{
-			$session = new Zend_Session_Namespace("Dashboard");
+			$session = new Zend_Session_Namespace("Piwik_Dashboard");
 			$session->idDashboard = $layout;
 		}
 		else
@@ -117,7 +117,7 @@ class Piwik_Dashboard_Controller extends Piwik_Controller
 
 		if($currentUser == 'anonymous')
 		{
-			$session = new Zend_Session_Namespace("Dashboard");
+			$session = new Zend_Session_Namespace("Piwik_Dashboard");
 
 			if(!isset($session->idDashboard))
 			{
author	vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2009-09-08 21:17:56 +0400
committer	vipsoft <vipsoft@59fd770c-687e-43c8-a1e3-f5a4ff64c105>	2009-09-08 21:17:56 +0400
commit	b9c50cc7060bcfffa4775592ec3f5cd39d2c3bd9 (patch)
tree	7bc8cdd12bf07c5306d8882751e43bfbceaa0e9c /plugins/Dashboard
parent	588961ee011e1ded63c2d083e49bcf3fe0985ef0 (diff)