[TYPO3-core] RFC #10205: DB session record is only created when user is authenticated
Stanislas Rolland
typo3 at sjbr.ca
Sat Jan 24 02:15:00 CET 2009
Michael Stucki wrote:
> Oh well... What a mess!
>
> After verifying the patch on a client's site, I can confirm that it
> works; however, there are still more problems to be resolved.
>
> The extension "commerce" does for some reason use its own session
> database, meaning there is no content in fe_session, no content in
> fe_session_data, but there is content in tx_commerce_baskets!
>
> Now the question is, how should we treat that situation:
>
> a) Ignore but warn users of that extension
> b) Add a fix for commerce to the core - see attached patch
> c) Add a configuration flag that disables the session fixation fix (so
> that the user gets more time to wait for a fix from the commerce
> developers).
>
> Attached is a post patch that implements a check for the commerce
> extension. However, what if there are more such extensions playing their
> own game?
>
Perhaps provide a hook that commerce and others can use?
Stanislas