[TYPO3-core] RFC #10205: DB session record is only created when user is authenticated
Martin Kutschker
masi-no at spam-typo3.org
Sat Jan 24 10:17:48 CET 2009
Marcus Krause schrieb:
>>
>> Now the question is, how should we treat that situation:
>>
>> a) Ignore but warn users of that extension
>> b) Add a fix for commerce to the core - see attached patch
>> c) Add a configuration flag that disables the session fixation fix (so
>> that the user gets more time to wait for a fix from the commerce
>> developers).
>
> Im sorry Michael for getting on your nerves, but there is
>
> d) Do it the consistent way; keep track of issued session ids.
> (meaning save all sid in be_/fe_sessions)
I'm confused. What happens now?
I always thought that generating SIDs but not storing them is stupid. Is
this changed now?
Masi
More information about the TYPO3-team-core
mailing list