From: s-aska <s.aska.org@gmail.com>
Date: Fri, 29 Oct 2010 06:43:15 +0000 (+0900)
Subject: fix Session Fixation
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FWeb-Session.git;a=commitdiff_plain;h=0d826d0e7a1e86d276dc94b309278513bedbdd1e

fix Session Fixation
---

diff --git a/lib/Plack/Middleware/Session.pm b/lib/Plack/Middleware/Session.pm
index f7e20b6..9f307af 100644
--- a/lib/Plack/Middleware/Session.pm
+++ b/lib/Plack/Middleware/Session.pm
@@ -75,6 +75,10 @@ sub commit {
 
     if ($options->{expire}) {
         $self->store->remove($options->{id});
+    } elsif ($options->{change_id}) {
+        $self->store->remove($options->{id});
+        $options->{id} = $self->generate_id($env);
+        $self->store->store($options->{id}, $session);
     } else {
         $self->store->store($options->{id}, $session);
     }