[TYPO3-dev] Problem with RSAAuth extension
Helmut Hummel
helmut.hummel at typo3.org
Fri Oct 21 11:33:29 CEST 2011
Zach,
On 21.10.11 01:33, Zachary Davis wrote:
> I don't want to get stuck in an argument about the correct place to make
> the fix and then not get this problem fixed. So, I will go ahead and
> push a patch to gerrit that modifies RSAauth to check for the session ID
> (rather than checking if $_SESSION is an array).
this patch is alrady there, waiting to be reviewed (mentioned several
times in this thread):
https://review.typo3.org/#change,5314
> This will mean that
> RSAauth will start the session and overwrite the time tracking value
> that was set by index_ts.php when a BE user is logged in.
This means that the inclusion of class.t3lib_div.php and
class.t3lib_extmgm.php will not be measured.
> Can you live with this as a fix
I can perfectly live with that.
> Surely this is a better solution than leaving the default
> frontend login broken in 4.6, given that many clients/users will indeed
> login on the front-end while also logged into the backend.
I totally agree.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list