[TYPO3-dev] Flash requests logs out FE users in IE?(solved)
Morten Olesen
mo at idefa.dk
Fri Dec 5 11:01:07 CET 2008
Hi,
Deleting useragent from [FE][lockHashKeyWords] in the install tool does
the trick, as for some reason Flash in an IE browser will set the UA to
"Shockwave Flash" rather than the browser.
The security impact is negligible as anyone with your session
cookie would also have access to your browser's UA string - and changing
a browser's UA string is a trivial task.
/Morten Olesen
Morten Olesen wrote:
> Hi,
>
> Not sure if this is the correct group to ask this - if not I'd
> appreciate a pointer to the correct place.
>
> I have the following problem;
>
> In order to make file uploads easy I made a Flash uploader; this uses
> its own session apparently, so it's not logged in.
>
> As a result the page it's submitting to does not require a login; every
> other page does.
>
> This works perfectly in Firefox, however in IE when the applet makes a
> request the user is no longer logged in (clicking any link or making
> ajax requests shows this).
>
> The only difference I can find is that the Flash component in IE sends
> along the browser cookies, whereas the Flash component in FF does not.
>
> Anyone have a clue as to what is going on here, or how I can fix it?
>
> /Morten Olesen
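
As an added illustration (not part of the original post and not TYPO3's own code), the following simplified Python model shows a session locked to a hash of the User-Agent, which is what the `useragent` keyword in `[FE][lockHashKeyWords]` selects, and why a Flash request carrying the browser's cookie ends the login. The class and function names, the SHA-256 hash, the sample browser UA string and the destroy-on-mismatch behaviour are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: a browser UA, and the UA the post reports for Flash in IE.
BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
FLASH_UA = "Shockwave Flash"


def hash_lock(headers, lock_keywords):
    """Hash the request attributes selected by lock_keywords (hypothetical helper)."""
    parts = []
    if "useragent" in lock_keywords:
        parts.append(headers.get("User-Agent", ""))
    return hashlib.sha256(":".join(parts).encode()).hexdigest()


class SessionStore:
    """Toy session store; assumes a lock mismatch invalidates the session."""

    def __init__(self, lock_keywords):
        self.lock_keywords = set(lock_keywords)
        self.sessions = {}

    def login(self, user, headers):
        sid = secrets.token_hex(16)
        lock = hash_lock(headers, self.lock_keywords)
        self.sessions[sid] = {"user": user, "lock": lock}
        return sid

    def authenticate(self, sid, headers):
        session = self.sessions.get(sid)
        if session is None:
            return None
        # Only the header value is compared: any client sending the same
        # cookie and the same UA string passes this check.
        if not hmac.compare_digest(session["lock"], hash_lock(headers, self.lock_keywords)):
            del self.sessions[sid]  # the user is now logged out everywhere
            return None
        return session["user"]


def simulate(lock_keywords):
    """Browser request, Flash request with the same cookie, browser request again."""
    store = SessionStore(lock_keywords)
    sid = store.login("alice", {"User-Agent": BROWSER_UA})
    sequence = (BROWSER_UA, FLASH_UA, BROWSER_UA)
    return [store.authenticate(sid, {"User-Agent": ua}) for ua in sequence]
```

With the lock on `useragent`, `simulate(["useragent"])` loses the session at the Flash request and the browser stays logged out afterwards; with the keyword removed, all three requests authenticate.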