Make session ID regeneration configurable in security_settings.ini

Till Brehm

2016-07-23 aae7dceb7968fb8fe18b6065ee30ac86f3bcaee3

 interface/web/login/index.php

@@ -216,8 +216,15 @@
                  $user = $app->db->toLower($user);
                  
                  if ($loginAs) $oldSession = $_SESSION['s'];
                  // Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827
                  //if (!$loginAs) session_regenerate_id(true);
						
                  // Session regenerate causes login problems on some systems, see Issue #3827
                  // Set session_regenerate_id to no in security settings, it you encounter
                  // this problem.
                  $app->uses('getconf');
                  $security_config = $app->getconf->get_security_config('permissions');
                  if(isset($security_config['session_regenerate_id']) && $security_config['session_regenerate_id'] == 'yes') {
                     if (!$loginAs) session_regenerate_id(true);
                  }
                  $_SESSION = array();
                  if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
                  $_SESSION['s']['user'] = $user;