[TYPO3-core] RFC: 11089 Fixing the built-in shopping basket

Benjamin Mack benni at typo3.org
Thu Dec 24 17:40:53 CET 2009


Hey Helmut,
hey Mattes,

On 14.06.09 23:41, Helmut Hummel wrote:
>
> Since TYPO3 supports a GET fallback ($_GET['ftu']) to submit the session
> id for frontend sessions, checking for $cookieId in this place is
> pointless.
>
> However the check ($this->cookieId===$this->id) was also pointless
> before TYPO3 checked for session fixation, since it was always the same,
> if you transmitted any id (no matter if by cookie or by ftu).
Can we get this patch in then by removing the check completely?

All the best,
Benni.



More information about the TYPO3-team-core mailing list