From 47d7c121de1cd085fab1b1348e7cf5efb28e7fce Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 26 Mar 2025 04:01:09 -0700
Subject: [PATCH] Generate new session id on logout()

---
 src/RaspAP/Auth/HTTPAuth.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/RaspAP/Auth/HTTPAuth.php b/src/RaspAP/Auth/HTTPAuth.php
index a28f9212..d5fcf215 100755
--- a/src/RaspAP/Auth/HTTPAuth.php
+++ b/src/RaspAP/Auth/HTTPAuth.php
@@ -79,6 +79,7 @@ class HTTPAuth
      */
     public function logout(): void
     {
+        session_regenerate_id(true); // generate a new session id
         session_unset(); // unset all session variables
         session_destroy(); // destroy the session
         $redirectUrl = $_SERVER['REQUEST_URI'];