From afcf20ecbeff927a82ae865336fe827cbe3f2328 Mon Sep 17 00:00:00 2001
From: Stephen Rees-Carter
Date: Sun, 28 Sep 2025 10:32:01 +1000
Subject: [PATCH 1/4] Swap session migrate for regenerate in login flow
---
 src/Illuminate/Auth/SessionGuard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
index 985b0bb4407c..49bc8574f23c 100644
--- a/src/Illuminate/Auth/SessionGuard.php
+++ b/src/Illuminate/Auth/SessionGuard.php
@@ -575,7 +575,7 @@ protected function updateSession($id)
 {
 $this->session->put($this->getName(), $id);
- $this->session->migrate(true);
+ $this->session->regenerate(true);
 }
 /**
From a23ee5a3129c3f54baec5d80b7e570d4b2c55fc3 Mon Sep 17 00:00:00 2001
From: Stephen Rees-Carter
Date: Mon, 29 Sep 2025 23:31:38 +1000
Subject: [PATCH 2/4] Update AuthGuard tests
---
 src/Illuminate/Auth/SessionGuard.php | 2 +-
 tests/Auth/AuthGuardTest.php | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
index 49bc8574f23c..e1fb1e1e1564 100644
--- a/src/Illuminate/Auth/SessionGuard.php
+++ b/src/Illuminate/Auth/SessionGuard.php
@@ -566,7 +566,7 @@ public function login(AuthenticatableContract $user, $remember = false)
 }
 /**
- * Update the session with the given ID.
+ * Update the session with the given user ID and regenerate.
 *
 * @param string $id
 * @return void
diff --git a/tests/Auth/AuthGuardTest.php b/tests/Auth/AuthGuardTest.php
index d7df6decea9d..ed2b8e97d5bf 100755
--- a/tests/Auth/AuthGuardTest.php
+++ b/tests/Auth/AuthGuardTest.php
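Review bot: In the PATCH 1/4 hunk at -575, the new `$this->session->regenerate(true);` call in `updateSession()` carries no why-comment, although the swap is a security-relevant behaviour change. Going by the docblock wording added later in this series, `regenerate` also rotates the session's token, which `migrate` presumably did not. I would add `// Rotate the session ID and the CSRF token together so no pre-authentication value stays valid after login.` directly above the call. The test hunk at -608 shows the remember-cookie path reaching the same call, so a token rendered into a page before that request would presumably stop validating afterwards; that deserves a line in the upgrade notes. The signature and docblock of `updateSession()` sit above this hunk.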
@@ -158,7 +158,7 @@ public function testAttemptAndWithCallbacks()
 $mock->expects($this->once())->method('getName')->willReturn('foo');
 $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
 $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $mock->getProvider()->shouldReceive('retrieveByCredentials')->times(3)->with(['foo'])->andReturn($user);
 $mock->getProvider()->shouldReceive('validateCredentials')->twice()->andReturnTrue();
 $mock->getProvider()->shouldReceive('validateCredentials')->once()->andReturnFalse();
@@ -233,7 +233,7 @@ public function testLoginStoresIdentifierInSession()
 $mock->expects($this->once())->method('getName')->willReturn('foo');
 $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
 $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $mock->login($user);
 }
@@ -261,7 +261,7 @@ public function testLoginFiresLoginAndAuthenticatedEvents()
 $mock->expects($this->once())->method('getName')->willReturn('foo');
 $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
 $mock->getSession()->shouldReceive('put')->with('foo', 'bar')->once();
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $mock->login($user);
 }
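Review bot: The updated expectation `$session->shouldReceive('regenerate')->once();` in this hunk, and identically in the hunks at -233, -261, -501, -521, -540 and -608, does not constrain the argument. These tests would therefore keep passing if `updateSession()` stopped passing `true`. That flag presumably tells the store to discard the old session record rather than leave it behind, which is the part of the call that matters against session fixation. I would pin it with `$session->shouldReceive('regenerate')->once()->with(true);`. Each test method starts, and in some cases ends, outside its hunk.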
@@ -501,7 +501,7 @@ public function testLoginMethodQueuesCookieWhenRemembering()
 $cookie->shouldReceive('make')->once()->with($guard->getRecallerName(), 'foo|recaller|bar', 576000)->andReturn($foreverCookie);
 $cookie->shouldReceive('queue')->once()->with($foreverCookie);
 $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $user = m::mock(Authenticatable::class);
 $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
 $user->shouldReceive('getAuthPassword')->andReturn('bar');
@@ -521,7 +521,7 @@ public function testLoginMethodQueuesCookieWhenRememberingAndAllowsOverride()
 $cookie->shouldReceive('make')->once()->with($guard->getRecallerName(), 'foo|recaller|bar', 5000)->andReturn($foreverCookie);
 $cookie->shouldReceive('queue')->once()->with($foreverCookie);
 $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $user = m::mock(Authenticatable::class);
 $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
 $user->shouldReceive('getAuthPassword')->andReturn('bar');
@@ -540,7 +540,7 @@ public function testLoginMethodCreatesRememberTokenIfOneDoesntExist()
 $cookie->shouldReceive('make')->once()->andReturn($foreverCookie);
 $cookie->shouldReceive('queue')->once()->with($foreverCookie);
 $guard->getSession()->shouldReceive('put')->once()->with($guard->getName(), 'foo');
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $user = m::mock(Authenticatable::class);
 $user->shouldReceive('getAuthIdentifier')->andReturn('foo');
 $user->shouldReceive('getAuthPassword')->andReturn('foo');
@@ -608,7 +608,7 @@ public function testUserUsesRememberCookieIfItExists()
 $guard->getProvider()->shouldReceive('retrieveByToken')->once()->with('id', 'recaller')->andReturn($user);
 $user->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');
 $guard->getSession()->shouldReceive('put')->with($guard->getName(), 'bar')->once();
- $session->shouldReceive('migrate')->once();
+ $session->shouldReceive('regenerate')->once();
 $this->assertSame($user, $guard->user());
 $this->assertTrue($guard->viaRemember());
 }
From c1e427616547a99c3c1f1087aabe9e7658a92281 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Tue, 30 Sep 2025 13:37:09 +0100
Subject: [PATCH 3/4] Update SessionGuard.php
---
 src/Illuminate/Auth/SessionGuard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
index e1fb1e1e1564..6d14e7e0bf9b 100644
--- a/src/Illuminate/Auth/SessionGuard.php
+++ b/src/Illuminate/Auth/SessionGuard.php
@@ -566,7 +566,7 @@ public function login(AuthenticatableContract $user, $remember = false)
 }
 /**
- * Update the session with the given user ID and regenerate.
+ * Update the session with the given user ID and regenerate the session's token.
 *
 * @param string $id
 * @return void
From 60c95d50278555ffa77973b881358bb038116503 Mon Sep 17 00:00:00 2001
From: Taylor Otwell
Date: Tue, 30 Sep 2025 13:37:44 +0100
Subject: [PATCH 4/4] Update SessionGuard.php
---
 src/Illuminate/Auth/SessionGuard.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Illuminate/Auth/SessionGuard.php b/src/Illuminate/Auth/SessionGuard.php
index 6d14e7e0bf9b..8b388af1b9e5 100644
--- a/src/Illuminate/Auth/SessionGuard.php
+++ b/src/Illuminate/Auth/SessionGuard.php
@@ -566,7 +566,7 @@ public function login(AuthenticatableContract $user, $remember = false)
 }
 /**
- * Update the session with the given user ID and regenerate the session's token.
+ * Update the session with the given ID and regenerate the session's token.
 *
 * @param string $id
 * @return void