[TYPO3-core] RFC #10205: DB session record is only created when user is authenticated

Martin Kutschker masi-no at spam-typo3.org
Sat Jan 24 14:17:08 CET 2009


Marcus Krause schrieb:
> Martin Kutschker schrieb am 24.01.2009 11:59 Uhr:
>> Marcus Krause schrieb:
>>> No, this hasn't changed and will not change with this patch. Only
>>> session ids of authenticated users are written to be/fe_sessions table.
>>>
>>> Due to this, sids change during an user's requests and in our case
>>> commerce isn't able to keep a relationship between a user and its
>>> basket.
>>
>> SIDs change when switching from unauthenticated (not logged in) to
>> authenticated  (logged in) state? Or are there random SID changes if
>> you're not logged in.
> 
> As long as there's no record in fe_session_data (=data bind to anonymous
> session) or in fe_sessions (=authenticated fe user), SIDs will change
> per request.

Does this mean any extension may simply put data into fe_session_data to
make the anonymous session stable? In this case I don't think we need to
do anything about it.

Masi


More information about the TYPO3-team-core mailing list