Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.30
diff -u -p -r1.745.2.30 user.module
--- modules/user/user.module	10 May 2008 02:12:41 -0000	1.745.2.30
+++ modules/user/user.module	23 Jul 2008 19:18:35 -0000
@@ -965,9 +965,11 @@ function user_login_submit($form_id, $fo
     // Update the user table timestamp noting user has logged in.
     db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
 
+    // Regenerate the session ID to prevent against session fixation attacks.
+    sess_regenerate();
+
     user_module_invoke('login', $form_values, $user);
 
-    sess_regenerate();
     return 'user/'. $user->uid;
   }
 }