Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.35
diff -u -F^f -r1.745.2.35 user.module
--- modules/user/user.module 8 Oct 2008 20:10:26 -0000 1.745.2.35
+++ modules/user/user.module 16 Sep 2009 19:32:02 -0000
@@ -1149,6 +1149,8 @@ function user_pass_reset($uid, $timestam
 $user = $account;
 // And proceed with normal login, going to user page.
 $edit = array();
+ // Regenerate the session ID to prevent against session fixation attacks.
+ sess_regenerate();
 user_module_invoke('login', $edit, $user);
 drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
 drupal_goto('user/'. $user->uid .'/edit');
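Review bot: The comment on the added `sess_regenerate();` call says what it does but not why this path needs it, and "prevent against" is ungrammatical; I would write `// Regenerate the session ID: the one-time link turns a pre-login session into an authenticated one, so an ID issued before login must not carry over.` The call sits between `$edit = array();` and `user_module_invoke('login', $edit, $user);`, so login hooks run under the new ID; that ordering looks intentional and is worth stating in the same comment. Because this block hand-copies the login sequence ("proceed with normal login"), any other place that assigns `$user` and invokes the login hook presumably needs the same call, and routing them through one shared helper would keep the fix from being missed elsewhere. The body of user_pass_reset begins and ends outside the hunk, so the link-validity checks that lead to this point cannot be judged from here.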