[TYPO3-core] Gremlin #1573: Admin user is logged out on testingbeuser settings

Martin Kutschker Martin.Kutschker at blackbox.net
Sun Nov 6 21:37:36 CET 2005

Michael Stucki <michael at typo3.org> writes on 
Sun, 06 Nov 2005 20:31:58 +0100 (MET):

> I've seen this nicely working on Sebastians computer. I think the
> only problem with this could be that an admin might visit a users
> computer to change some setting, test it, and forget to switch back
> to after this. So the user is now logged in as himself, but as soon
> as he presses the logout button, he will be back in the Admin
> session!
> Therefore, Sebastian has added some kind of highlighting to the
> logout button.

To protect it even more a checkbox in the user module could be placed. So that the switch-back feature must be anabled manually.

> With this change, I don't see this very nice change as a big risk,

Can the feature be a point of an attack? Yes, if a non-admin TYPO3 user or any DB-user directly somehow manages to manipulate the session table. 


More information about the TYPO3-team-core mailing list