[TYPO3-dev] Resolved Bug 10266 (Session handling - cannot login to >1 TYPO3 installation under one domain ) now appears with 4.0.13
Marcus Krause
marcus#exp2009 at t3sec.info
Thu Jul 16 10:34:07 CEST 2009
Thomas Schröder schrieb am 07/16/2009 08:24 AM Uhr:
> Hey there,
>
> bug 10266 [1] now appears with TYPO3 4.0.13. Tested with Firefox 3.0.11,
> Chrome 2 and IE8:
> "It is no longer possible to login (at the same time) to two or more
> TYPO3 installations located in different subfolders of the same
> (sub)domain.
> In other words, access to one installation breaks the session of the
> other(s)."
> Can somebody confirm this bug?
>
> Best regards,
> Thomas
>
> [1] http://bugs.typo3.org/view.php?id=10266
The bug that you mention (#10266) here has never been fixed for TYPO3
4.0.X, only for 4-1, 4-2 and trunk.
So the described behavior (no login to more TYPO3 installations on one
host) is exactly that way since the session fixation fix (like Ingmar
mentioned). This is also something I consider as "works as expected"!
This could be fixed if the #10266 patch would be applied to the 4.0.X.
However, the 4-0 branch of TYPO3 is officially no longer supported. I'd
like to encourage you to upgrade at least to 4-1! Then, changes are high
that described problem is no longer existent. ;-)
Marcus.
--
TYPO3 Security blog: http://secure.t3sec.info/
More information about the TYPO3-dev
mailing list