[TYPO3-dev] Severe error caused by "solution" of session fixation bug
Christopher Lörken
christopher at loerken.net
Sat Feb 7 18:19:52 CET 2009
I am sorry Marcus but I think I have misjudged the problem.
The isEsxistingSession function is of course right in ignoring the IP
lock in the query since it would otherwise give the result false for a
session ID that is actually present in fe_users.
I thought I have found our problem in that method but sadly, I was wrong.
I'm sorry to have spamed this list with such false information.
More information about the TYPO3-dev
mailing list