[TYPO3-core] RFC #10205: DB session record is only created when user is authenticated

Helmut Hummel typo3 at jhpc.de
Sat Jan 24 00:08:06 CET 2009


Hi,

Michael Stucki schrieb:
> This is a SVN patch request.
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=10205
> 
> Solution:
> The solution is to check in the "fe_session_data" if the first test
> didn't succeed. This happens at the cost of an additional DB query,
> however I see no way to work around this without making bigger changes.

seems like the problem with session data for unauthentivated users will 
be solved with this patch.

But there is still the problem with not beeing able to authenticate as 
backend user (and maybe frontend user), unless clearing the cookies 
after the update to the version with the fixed session fixation issue?

(see: http://bugs.typo3.org/view.php?id=10216)

Unfortunatly it does not happen all the time and not in every TYPO3 
installation, so I'm currently not able to perfectly reproduce this issue.

Kind regards
Helmut


More information about the TYPO3-team-core mailing list