[TYPO3-core] RFC #10205: DB session record is only created when user is authenticated
Ingmar Schlecht
ingmar at typo3.org
Sat Jan 24 14:20:20 CET 2009
Martin Kutschker schrieb:
> Marcus Krause schrieb:
>> Martin Kutschker schrieb am 24.01.2009 11:59 Uhr:
>>> Marcus Krause schrieb:
>>>> No, this hasn't changed and will not change with this patch. Only
>>>> session ids of authenticated users are written to be/fe_sessions table.
>>>>
>>>> Due to this, sids change during an user's requests and in our case
>>>> commerce isn't able to keep a relationship between a user and its
>>>> basket.
>>> SIDs change when switching from unauthenticated (not logged in) to
>>> authenticated (logged in) state? Or are there random SID changes if
>>> you're not logged in.
>> As long as there's no record in fe_session_data (=data bind to anonymous
>> session) or in fe_sessions (=authenticated fe user), SIDs will change
>> per request.
>
> Does this mean any extension may simply put data into fe_session_data to
> make the anonymous session stable? In this case I don't think we need to
> do anything about it.
Yes.
cheers
Ingmar
--
Ingmar Schlecht
TYPO3 Core Developer
More information about the TYPO3-team-core
mailing list