From 7e9b9cf4d7be02428e963fc729496a45baeea608 Mon Sep 17 00:00:00 2001
From: Jared Hanson
Date: Tue, 17 May 2022 08:15:54 -0700
Subject: [PATCH] Regenerate session on login.
---
 lib/sessionmanager.js | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js
index 3d5c51ca..8647b9cc 100644
--- a/lib/sessionmanager.js
+++ b/lib/sessionmanager.js
@@ -10,24 +10,34 @@ function SessionManager(options, serializeUser) {
 }

 SessionManager.prototype.logIn = function(req, user, cb) {
+ console.log('SM: logIn');
+
 var self = this;
- this._serializeUser(user, req, function(err, obj) {
+ req.session.regenerate(function(err) {
 if (err) {
 return cb(err);
 }
- // TODO: Error if session isn't available here.
- if (!req.session) {
- req.session = {};
- }
- if (!req.session[self._key]) {
- req.session[self._key] = {};
- }
- req.session[self._key].user = obj;
- cb();
+
+ self._serializeUser(user, req, function(err, obj) {
+ if (err) {
+ return cb(err);
+ }
+ // TODO: Error if session isn't available here.
+ if (!req.session) {
+ req.session = {};
+ }
+ if (!req.session[self._key]) {
+ req.session[self._key] = {};
+ }
+ req.session[self._key].user = obj;
+ cb();
+ });
 });
 }

 SessionManager.prototype.logOut = function(req, cb) {
+ console.log('SM: logOut');
+
 if (req.session && req.session[this._key]) {
 delete req.session[this._key].user;
 }
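Review bot: `req.session.regenerate(...)` in `logIn` is dereferenced before anything checks that a session exists, so a request with no session middleware, or with a session object that lacks `regenerate`, now throws synchronously instead of reaching `cb`. The `if (!req.session) { req.session = {}; }` fallback that moved inside the callback can no longer help, and substituting a plain object there would skip the ID rotation this commit adds against session fixation. Guard up front and resolve the TODO, e.g. `if (!req.session || typeof req.session.regenerate !== 'function') { return cb(new Error('Login sessions require session support.')); }`. The two `console.log('SM: …')` lines look like debugging leftovers and should be removed, since a library should not write to stdout on every login and logout. Regenerating presumably also discards whatever the pre-login session held, which deserves a doc comment for callers, and `logOut` (its body continues outside the hunk) still only deletes the user key without rotating the session ID in the visible lines.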