[TYPO3-dev] Sessions and the "fe_typo_user" cookie
Ernesto Baschny [cron IT]
ernst at cron-it.de
Mon Sep 24 08:27:47 CEST 2012
Dmitry Dulepov schrieb am 21.09.2012 11:05:
> Arjen Hoekema wrote:
>> I was wondering if it is possible to set the "fe_typo_user" cookie
>> containing the session id only when there is session data that should be
>> persisted.
>
> Not a solution but the reason why the cookie is set: it is possible to
> bind data to the current session even if the user is not logged in. I am
> not sure why it was chosen not to use PHP sessions but to invent an own
> way but this is why the cookie is set. Btw, PHP session cookie may also
> be set in some cases, so you would need to watch for that too. If you
> disable the cookie, beware that some exts (very few of them) may stop
> working properly.
Some captcha extensions are affected, but of course also others might do
it. Usually extensions that include external libraries that work with
PHP sessions already.
Cheers,
Ernesto
More information about the TYPO3-dev
mailing list