[TYPO3-core] RFC: 11089 Fixing the built-in shopping basket
Helmut Hummel
typo3 at jhpc.de
Sun Jun 14 23:41:09 CEST 2009
Hi,
On 20.05.2009 at 15:21, Mathias Schreiber [wmdb >] wrote:
>
> I left the check for $cookieId in so if someone wants to flood the
> session tables he/she at least needs to make cookies work, which is
> pretty boring on the shell.
Since TYPO3 supports a GET fallback ($_GET['ftu']) to submit the session
id for frontend sessions, checking for $cookieId in this place is
pointless.
However, the check ($this->cookieId===$this->id) was also pointless
before TYPO3 checked for session fixation, since it was always the same,
if you transmitted any id (no matter if by cookie or by ftu).
Regards Helmut