[TYPO3-dev] Session Transfer

Tapio Markula tapio.markula at xetpoint.fi
Tue Nov 6 09:39:33 CET 2007


Dmitry Dulepov [typo3] wrote:
> Franz Koch wrote:
>> I guess it's a security issue?
> 
> Similar to PHP session transfer. Most sessions suffer from this issue. I 
> doubt we can do anything about it. We cannot implement an IP check on this 
> because (1) anonymous proxies may give one IP for thousands of users and 
> (2) some proxies keep changing the IP address for each request.

Session-related stuff can be saved for a user into the database nicely by 
creating serialized data. You have one field, unserialize the existing data, 
serialize the new setting and save them.
Saving session-related stuff works on that principle in tm_shared_lib.
It saves main and sub modules and the last visited page. Using serialized data 
you can easily add anything you want to save.
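
The single-field read-modify-write pattern described in this message, as an added example that is not code from tm_shared_lib or from the poster. The `user_settings` table, its columns and the setting keys are assumptions, and the `allowed_classes => false` option is added here so that stored data can never instantiate objects when it is read back.

```php
<?php
// Added example: table, column and key names are assumptions,
// not the schema used by tm_shared_lib.

/** Load the per-user settings array from the single serialized field. */
function loadUserSettings(PDO $db, int $userId): array
{
    $stmt = $db->prepare('SELECT settings FROM user_settings WHERE user_id = ?');
    $stmt->execute([$userId]);
    $raw = $stmt->fetchColumn();
    if ($raw === false || $raw === null || $raw === '') {
        return [];
    }
    // allowed_classes => false: never instantiate objects from stored data.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];   // corrupt field -> start empty
}

/** Unserialize existing data, merge the new settings, serialize and save. */
function saveUserSettings(PDO $db, int $userId, array $new): array
{
    $db->beginTransaction();   // keep the read and the write together
    try {
        $merged = array_replace(loadUserSettings($db, $userId), $new);
        $stmt = $db->prepare(
            'REPLACE INTO user_settings (user_id, settings) VALUES (?, ?)'
        );
        $stmt->execute([$userId, serialize($merged)]);
        $db->commit();
        return $merged;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data; in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_settings (user_id INTEGER PRIMARY KEY, settings TEXT)');

saveUserSettings($db, 7, ['main_module' => 'web', 'sub_module' => 'list']);
saveUserSettings($db, 7, ['last_page' => 42]);
saveUserSettings($db, 7, ['sub_module' => 'info']);   // overwrites one key only
print_r(loadUserSettings($db, 7));
```

The settings are keyed by the user id held server-side, so nothing serialized travels in the cookie or URL.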





