[TYPO3-english] Using sessions in external PHP-Scripts

Jean-Bernard Valentaten valentaten at phase4.de
Tue Mar 17 17:45:45 CET 2009


Just in case someone might have the same difficulties I had, I found a 
solution to the Problem in the typo3.dev newsgroup.
Here's the quote with special thanks to Martin Holz:

> [snip]
>> This behavior is caused by the session fixation code as you have
>> correctly identified. The session id only stays static for logged in 
>> users.
>
> well, thats not correct. If there is data in fe_session_data, the
> session will not be changed.
> But if you are not logged in, and there is no extension which saves
> something in fe_session_data there will be allways a new session id.
>
> I now found an workaround without removing session-fixation fix:
>
> Set
> $TYPO3_CONF_VARS['FE']['maxSessionDataSize'] = 0;
>
> the reason is:
>
> in class.tslib_feuserauth.php
> in function record_registration
>
> there is an if statement:
> if (!$maxSizeOfSessionData || $this->cookieId===$this->id)
>
> So, the cookieId is allways != $this->id if you are not logged in. But
> setting $maxSizeOfSessionData=0 helps. But then it would be possible to
> bloat the Database.
> So, it is not really a good solution.

Hope that helps other frustrated upgraders ;)



More information about the TYPO3-english mailing list