[TYPO3-dev] Session Fixation "Feature" -> breaks Session Handling
Armin Günther
armin.guenther at augusta.de
Thu Mar 26 09:07:56 CET 2009
Hi,
I recently stumbled across the same problem as Martin described in the
opening post of this thread: Session handling for anonymous users is
broken by the session fixation feature. The problem is pretty well
documented as bug 0010205 in the bugtacker and is treated as "resolved"
but for me the problem still exists (even after
<file_download.php?file_id=6539&type=bug>bug_10205_v5.patch).
<file_download.php?file_id=6539&type=bug>
I used setKey() and getKey() to store and retriev date in
fe_session_data for anonymous(!) users; table fe_sessions remains empty
This doesn't work any more for me (v. 4.2.6) in general, only after
setting <file_download.php?file_id=6539&type=bug>
$TYPO3_CONF_VARS['FE']['maxSessionDataSize'] = 0
<file_download.php?file_id=6539&type=bug>
as Martin detected (thanx!) or commenting out
<file_download.php?file_id=6539&type=bug>
!$this->isExistingSessionRecord($id)
<file_download.php?file_id=6539&type=bug>
in t3lib_userauth row 229 as it is recommended for example here:
<file_download.php?file_id=6539&type=bug>http://blog.artif-orange.de/typo3
<file_download.php?file_id=6539&type=bug>
Both solutions obviously are only workarounds and I wonder if this
problem is still on the agenda of some core developers - whom by the way
I would like to express my gratitude for their great work!
Armin
More information about the TYPO3-dev
mailing list