Prevents users from reposting their form data after a successful logout.
Derived from webmail.php by Ralf Kraudelt <[email protected]>
Regenerate session id to make sure that authenticated session uses different ID than one used before user authenticated. This is a countermeasure against session fixation attacks.
NB: session_regenerate_id() was added in PHP 4.3.2 (and new session cookie is only sent out in this call as of PHP 4.3.3), but PHP 4 is not vulnerable to session fixation problems in SquirrelMail because it prioritizes $base_uri subdirectory cookies differently than PHP 5, which is otherwise vulnerable. If we really want to, we could define our own session_regenerate_id() when one does not exist, but there seems to be no reason to do so.
Documentation generated on Mon, 13 Jan 2020 04:25:12 +0100 by phpDocumentor 1.4.3