Regenerate session on login.

Author: jaredhanson

lib/sessionmanager.js

@@ -10,24 +10,34 @@ function SessionManager(options, serializeUser) {
 }
 
 SessionManager.prototype.logIn = function(req, user, cb) {
+ console.log('SM: logIn');
+ 
  var self = this;
- this._serializeUser(user, req, function(err, obj) {
+ req.session.regenerate(function(err) {
  if (err) {
  return cb(err);
  }
- // TODO: Error if session isn't available here.
- if (!req.session) {
- req.session = {};
- }
- if (!req.session[self._key]) {
- req.session[self._key] = {};
- }
- req.session[self._key].user = obj;
- cb();
+ 
+ self._serializeUser(user, req, function(err, obj) {
+ if (err) {
+ return cb(err);
+ }
+ // TODO: Error if session isn't available here.
+ if (!req.session) {
+ req.session = {};
+ }
+ if (!req.session[self._key]) {
+ req.session[self._key] = {};
+ }
+ req.session[self._key].user = obj;
+ cb();
+ });
  });
 }
 
 SessionManager.prototype.logOut = function(req, cb) {
+ console.log('SM: logOut');
+ 
  if (req.session && req.session[this._key]) {
  delete req.session[this._key].user;
  }