[TYPO3-dev] Session Fixation "Feature" -> breaks Session Handling
Steffen Ritter
info at rs-websystems.de
Fri Nov 13 15:08:04 CET 2009
Olivier Schopfer schrieb:
> Martin Holtz wrote:
>> Hi,
>>
>> i used sessions only via typoscript but it is not possible anymore.
>>
>> I removed the session fixation fix to get it running again:
>>
>> http://blog.martinholtz.de/blog-post/2009/01/25/session-verwenden-mit-typoscript/
>>
>>
>> There was the simple solution to name an input-field in an special
>> syntax:
>>
>> <form method="post">
>> <label for="test">Namen eingeben:</label>
>> <input id="test" type="text" value="" name="recs[ts][name]"
>> action="###URL###" />
>> <input type="submit" />
>> </form>
>>
>> That stores the value in the session.
>>
>> With
>>
>> 10 = TEXT
>> 10.data = TSFE:fe_user|sesData|recs|ts|name
>>
>> i can read it out.
>>
>> But with session-fixation fix, that solution does not work anymore.
>>
>> I tried to debug, but didnt really found the reason...
>>
>> any hint?
>>
>> thanks,
>> martin
>
> Friends,
>
> I understand all what has been said, but it contradicts what is still in
> the TSREF manual:
> http://typo3.org/documentation/document-library/references/doc_core_tsref/4.2.0/view/1/14/#id4501321
>
>
> With session-fixation, this feature doesn't work any longer.
>
> In our case, it just unactivated our little online shop without any
> warning! Bad...
>
> Shouldn't a session be locked as soon as some data of the form
> recs[table_name][uid_of_record] is posted?
>
> Thanks.
> Olivier
Working fine for me ... Even in 4.2.10 :)
Don't know what we're doing differently...
regards
Steffen
More information about the TYPO3-dev
mailing list