[TYPO3-core] RFC #0013938: Backend session is locked to useragent
Markus Klein
m.klein at mfc-linz.at
Fri Sep 3 11:01:31 CEST 2010
>
> Am 03.09.2010 09:40, schrieb Bjoern Pedersen:
> > Am 03.09.2010 00:26, schrieb Marcus Krause:
> >> Hi!
> >>
> >> Markus Klein schrieb am 09/02/2010 11:35 PM Uhr:
> >>> Ok you're right!
> >>> Nevertheless I suggest to introduce this additional option for BE,
> >>> so one can decide wether to change this only for FE or also for BE.
> >>> Therefore i moved this configuration into class beUserAuth.
> >>>
> >>> So please have a look at patch v4.
> >>
> >> Much better. However, there's a further possibility:
> >> I searched for an option that allows separate configuration for FE an
> >> BE. Such option is *lockIP*.
> >>
> >> For BE *the one and only place* where *lockIP* is set based on the
> >> configuration is after the instanciation of "t3lib_beUserAuth" in
> >> typo3/init.php around line 425.
> >>
> >> I'd let core devs decide what they believe is appropriate.
> >>
> >> Marcus.
> >
> > That's also what my initial patch did: Introduce separate
> > TYPO3CONFVars for FE and BE. Setting it in the base class still allows
> > for the differentiation.
> Answering to myself: It seems, also BEuser->lockIP is set too often. I
will try
> to create a new patch today where everthing is moved to typo3confvars and
> t3lib-userauth.php.
How do you intend to do that? I think it's not a good way to check specific
things a base class, which are subject to the specialized classes.
So no references to $GLOBALS['TYPO3_CONF_VARS']['BE'] in class
t3lib_userAuth.
(I know that there's already some code that uses BE settings, but we
shouldn't make it worse.)
Regards
Markus
More information about the TYPO3-team-core
mailing list