Regenerate session during Auth::login() (#57204)

valorin · taylorotwell · web-flow · commit 975d60a5a38d · 2025-10-08T16:34:35.000-05:00
* Swap session migrate for regenerate in login flow

* Update AuthGuard tests

* Update SessionGuard.php

* Update SessionGuard.php

---------

Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
@@ -566,7 +566,7 @@ public function login(AuthenticatableContract $user, $remember = false)
     }
 
     /**
-     * Update the session with the given ID.
+     * Update the session with the given ID and regenerate the session's token.
      *
      * @param  string  $id
      * @return void
@@ -575,7 +575,7 @@ protected function updateSession($id)
     {
         $this->session->put($this->getName(), $id);
 
-        $this->session->migrate(true);
+        $this->session->regenerate(true);
     }
 
     /**
diff --git a/tests/Auth/AuthGuardTest.php b/tests/Auth/AuthGuardTest.php
@@ -158,7 +158,7 @@ public function testAttemptAndWithCallbacks()
         $mock->expects($this->once())->method('getName')->willReturn('foo');
         $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
         $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $mock->getProvider()->shouldReceive('retrieveByCredentials')->times(3)->with(['foo'])->andReturn($user);
         $mock->getProvider()->shouldReceive('validateCredentials')->twice()->andReturnTrue();
         $mock->getProvider()->shouldReceive('validateCredentials')->once()->andReturnFalse();
@@ -233,7 +233,7 @@ public function testLoginStoresIdentifierInSession()
         $mock->expects($this->once())->method('getName')->willReturn('foo');
         $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
         $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $mock->login($user);
     }
 
@@ -261,7 +261,7 @@ public function testLoginFiresLoginAndAuthenticatedEvents()
         $mock->expects($this->once())->method('getName')->willReturn('foo');
         $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
         $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $mock->login($user);
     }
 
@@ -501,7 +501,7 @@ public function testLoginMethodQueuesCookieWhenRemembering()
         $cookie->shouldReceive('make')->once()->with($guard->getRecallerName(), 'foo|recaller|bar', 576000)->andReturn($foreverCookie);
         $cookie->shouldReceive('queue')->once()->with($foreverCookie);
         $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $user = m::mock(Authenticatable::class);
         $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
         $user->shouldReceive('getAuthPassword')->andReturn('bar');
@@ -521,7 +521,7 @@ public function testLoginMethodQueuesCookieWhenRememberingAndAllowsOverride()
         $cookie->shouldReceive('make')->once()->with($guard->getRecallerName(), 'foo|recaller|bar', 5000)->andReturn($foreverCookie);
         $cookie->shouldReceive('queue')->once()->with($foreverCookie);
         $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $user = m::mock(Authenticatable::class);
         $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
         $user->shouldReceive('getAuthPassword')->andReturn('bar');
@@ -540,7 +540,7 @@ public function testLoginMethodCreatesRememberTokenIfOneDoesntExist()
         $cookie->shouldReceive('make')->once()->andReturn($foreverCookie);
         $cookie->shouldReceive('queue')->once()->with($foreverCookie);
         $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $user = m::mock(Authenticatable::class);
         $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
         $user->shouldReceive('getAuthPassword')->andReturn('foo');
@@ -608,7 +608,7 @@ public function testUserUsesRememberCookieIfItExists()
         $guard->getProvider()->shouldReceive('retrieveByToken')->once()->with('id', 'recaller')->andReturn($user);
         $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
         $guard->getSession()->shouldReceive('put')->with($guard->getName(), 'bar')->once();
-        $session->shouldReceive('migrate')->once();
+        $session->shouldReceive('regenerate')->once();
         $this->assertSame($user, $guard->user());
         $this->assertTrue($guard->viaRemember());
     }

Original file line number	Diff line number	Diff line change
`@@ -566,7 +566,7 @@ public function login(AuthenticatableContract $user, $remember = false)`
`566`	`566`	`}`
`567`	`567`
`568`	`568`	`/**`
`569`		`- * Update the session with the given ID.`
	`569`	`+ * Update the session with the given ID and regenerate the session's token.`
`570`	`570`	`*`
`571`	`571`	`* @param string $id`
`572`	`572`	`* @return void`
`@@ -575,7 +575,7 @@ protected function updateSession($id)`
`575`	`575`	`{`
`576`	`576`	`$this->session->put($this->getName(), $id);`
`577`	`577`
`578`		`- $this->session->migrate(true);`
	`578`	`+ $this->session->regenerate(true);`
`579`	`579`	`}`
`580`	`580`
`581`	`581`	`/**`