[TYPO3-dev] Session handling
Stefan Terborg
terborg at simplethings.de
Wed Feb 18 12:27:05 CET 2015
Hello,
In a pentest for a customer, session fixation turned up as a subject.
I did a bit of research through mailing lists and Forge and found a lot of stuff concerning the session fixation bugfix and regression from 2009.
Further on I found this statement from the Core mailing list:
http://lists.typo3.org/pipermail/typo3-team-core/2013-February/053496.html
where a more advanced session handling is mentioned.
Has there been any development in this case?
Especially the renewal of the session id at access level change would be something interesting.
Regards
Stefan Terborg
(Certified TYPO3 Integrator)
--
SimpleThings GmbH
Internet agency - Software development
phone 0228 944920 17 - fax 0228 944920 20
Münsterstraße 1 - 53111 Bonn
www.simplethings.de
Managing directors: Tobias Hövelborn, Sebastian Wahl
Bonn District Court, HRB 14292
VAT ID: DE247366252