Admin interface security improved, thanks to Stefan Esser.

serendipity_config.inc.php

@@ -16,8 +16,7 @@ if (!headers_sent()) {
     // and be regenerated with a system-generated SID.
     // Patch by David Vieira-Kurz of majorsecurity.de
     if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
-        session_destroy();
-        session_regenerate_id();
+        session_regenerate_id(true);
         session_start();
         header('X-Session-Reinit: true');
         $_SESSION['SERVER_GENERATED_SID'] = true;