Merge pull request #94 from thedevdojo/Fix-login-vulnerabilities

Fix login vulnerabilities

resources/views/pages/auth/login.blade.php

@@ -108,8 +108,10 @@ public function authenticate()
             event(new Login(auth()->guard('web'), $this->userModel->where('email', $this->email)->first(), true));
 
             if(session()->get('url.intended') != route('logout.get')){
+                session()->regenerate();
                 redirect()->intended(config('devdojo.auth.settings.redirect_after_auth'));
             } else {
+                session()->regenerate();
                 return redirect(config('devdojo.auth.settings.redirect_after_auth'));
             }
         }

resources/views/pages/auth/register.blade.php

@@ -108,8 +108,10 @@ public function register()
         }
 
         if (session()->get('url.intended') != route('logout.get')) {
+            session()->regenerate();
             redirect()->intended(config('devdojo.auth.settings.redirect_after_auth'));
         } else {
+            session()->regenerate();
             return redirect(config('devdojo.auth.settings.redirect_after_auth'));
         }
     }