[TYPO3-dev] Tangled-up user authentication
Mathias Schreiber [wmdb >]
mathias.schreiber at wmdb.de
Mon Apr 20 12:13:33 CEST 2009
Christopher Lörken wrote:
> So... I'm about to XCLASS tslib_feuserauth to rewrite necessary parts
> for a "slim" authentication. What I would really like to know is if I
> have overlooked some crucial part in my simple setup... I
> especially do not understand the famous session fixation problem and why
> the ID always changes...
>
> All comments on any of this are highly appreciated.
ok, here we go...
First off, I am a bit biased about the session_data thing.
Making it configurable is not bad, but in order to keep the "hey, my ext
doesn't work anymore" postings low I suggest that you have to ENABLE
slim auth instead of by default disabling the session data feature. Just
the other way around.
Then I would move the is_online thingy to the session table, since it is
more likely that there are fewer sessions than users (unless there are a
lot of guests (I think this term is best for "not-logged-in-users")).
This way we get fewer updates on the fe_users table, while the session
table should be used for "moving data" anyways.
cheers
Mathias