[rt #1279] when logging in (as a siteuser) start a new session object
authorTony Cook <tony@develop-help.com>
Fri, 16 Dec 2011 11:49:17 +0000 (22:49 +1100)
committerTony Cook <tony@develop-help.com>
Fri, 16 Dec 2011 11:49:17 +0000 (22:49 +1100)
commit8ebed4c645e9003ede2c86d979fb1942ec84a3be
tree39c810898ed5c675377a0f486dd29c738bacbfec
parenta9f62aa5bc292b5aeda7ed3feee9ccfdfa478535
[rt #1279] when logging in (as a siteuser) start a new session object

This prevents some cookie duplication attacks.

We also do the exchange to the ssl/non-ssl side of the site more
securely.
MANIFEST
site/cgi-bin/modules/BSE/Cfg.pm
site/cgi-bin/modules/BSE/SessionSign.pm [new file with mode: 0644]
site/cgi-bin/modules/BSE/UI/Shop.pm
site/cgi-bin/modules/BSE/UserReg.pm