[TYPO3-dev] Session Fixation "Feature" -> breaks Session Handling
Martin Holtz
typo3 at martinholtz.de
Sat Nov 14 18:46:30 CET 2009
Hi Olivier,
> I understand all what has been said, but it contradicts what is still in
> the TSREF manual:
> http://typo3.org/documentation/document-
library/references/doc_core_tsref/4.2.0/view/1/14/#id4501321
>
> With session-fixation, this feature doesn't work any longer.
>
> In our case, it just unactivated our little online shop without any
> warning! Bad...
yep.
There is a "workaround":
Set
$TYPO3_CONF_VARS['FE']['maxSessionDataSize'] = 0;
> Shouldn't a session be locked as soon as some data of the form
> recs[table_name][uid_of_record] is posted?
afaik yes.
martin
--
http://blog.martinholtz.de
http://wiki.typo3.org/Ts45min - TypoScript in "45" Minutes
http://wiki.typo3.org/De:ts45min - (auch in Deutsch)
More information about the TYPO3-dev
mailing list