[TYPO3-dev] Session Fixation "Feature" -> breaks Session Handling
Christopher Lörken
christopher at loerken.net
Tue Mar 3 19:04:39 CET 2009
Hi Martin,
I'm not entirely sure if I understood what you are trying to do but:
Are you trying to store something in a user session for users who are
not logged in to the page?
If yes, your problem might be, that the last Typo3 update changed the
behavior to generating a new session id for not logged in users on every
page load.
That means:
visit frontpage -> new session id
visit forum -> new session id
visit news -> new session id
read news -> new session id
This behavior is caused by the session fixation code as you have
correctly identified. The session id only stays static for logged in users.
Maybe this info helps a bit.
Cheers,
Christopher
More information about the TYPO3-dev
mailing list