Merge pull request #6519 from nhirokinet/master

Security Update: session fixation

diff --cc lib/private/user.php
index 86a01f96258ccc590274aac2024f5c0be078a8a1,e6f42874b9454b7b33eb928b7683e913cdfcc3bb..08ead712028e894dc6211797b5eeb68480da47d1
--- 1/lib/private/user.php
--- 2/lib/private/user.php
+++ b/lib/private/user.php
@@@ -246,11 -243,8 +246,10 @@@ class OC_User 
                OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
  
                if($uid) {
-                       session_regenerate_id(true);
                        self::setUserId($uid);
                        self::setDisplayName($uid);
 +                      self::getUserSession()->setLoginName($uid);
 +
                        OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' ));
                        return true;
                }

diff --cc lib/private/user/session.php
index 1740bad5abec22b1fdfa0aaf078e1c7dbb4b7fb8,67cfdf2624e6a69e831f8dcc76c7f0fb164b16fc..cd03b30205fb3eb7c0bab2829e383aeba0fbade7
--- 1/lib/private/user/session.php
--- 2/lib/private/user/session.php
+++ b/lib/private/user/session.php
@@@ -157,8 -157,9 +157,9 @@@ class Session implements Emitter, \OCP\
                if($user !== false) {
                        if (!is_null($user)) {
                                if ($user->isEnabled()) {
+                                       session_regenerate_id(true);
                                        $this->setUser($user);
 -                                      $this->setLoginname($uid);
 +                                      $this->setLoginName($uid);
                                        $this->manager->emit('\OC\User', 'postLogin', array($user, $password));
                                        return true;
                                } else {