From 6ad1262122d6a718636b41fcd85aeeeb65f80a7c Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 15 Jan 2024 11:08:37 +0000
Subject: [PATCH] fixes #3607

Closes #3607

Merge request studip/studip!2498
---
 lib/phplib/Seminar_Session.class.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/phplib/Seminar_Session.class.php b/lib/phplib/Seminar_Session.class.php
index 8fdb61c7abf..4f801073981 100644
--- a/lib/phplib/Seminar_Session.class.php
+++ b/lib/phplib/Seminar_Session.class.php
@@ -230,12 +230,16 @@ class Seminar_Session
         );
         session_cache_limiter("nocache");
         //check for illegal cookiename
-        if (isset($_COOKIE[$this->name])) {
-            if (mb_strlen($_COOKIE[$this->name]) != 32 || preg_match('/[^0-9a-f]+/', $_COOKIE[$this->name])) {
-                session_id(md5(uniqid($this->name, 1)));
-            }
-        } else {
-            session_id(md5(uniqid($this->name, 1)));
+        if (
+            !isset($_COOKIE[$this->name])
+            || mb_strlen($_COOKIE[$this->name]) !== 32
+            || preg_match('/[^0-9a-f]+/', $_COOKIE[$this->name])
+        ) {
+            do {
+                $new_id = md5(bin2hex(random_bytes(128)));
+            } while (!$this->that->ac_newid($new_id));
+
+            session_id($new_id);
         }
 
         $ok = session_start();
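Review bot: The cookie value reaches `mb_strlen()` and `preg_match()` without a string check, so a session cookie submitted in array form hits those calls with an array; on PHP 8 that raises a TypeError instead of taking the regenerate branch. Adding `|| !is_string($_COOKIE[$this->name])` directly after the `!isset(...)` test would send that case to a fresh id as well. Separately, the `do … while (!$this->that->ac_newid($new_id))` loop has no upper bound: `ac_newid` is not visible here, but if it can return false for reasons other than a collision (a storage failure, say) the request would spin, so a small retry cap followed by an exception seems safer. The `md5()` wrapper is also unnecessary, since `bin2hex(random_bytes(16))` already yields 32 lowercase hex characters. The enclosing method starts and ends outside the hunk.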
-- 
GitLab