[TYPO3-dev] Session Transfer

[Dmitry Dulepov [typo3]]

Franz Koch wrote:
> I guess it's a security issue?

Similar to PHP session transfer. Most sessions suffer from this issue. I doubt we can do anything about it. We cannot implement IP check on this because (1) anonymous proxies may give on ip for thousands of users and (2) some proxies keep changing IP adrees for each request.

-- 
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs