[TYPO3-core] RFC: 11089 Fixing the built-in shopping basket
Mathias Schreiber [wmdb]
mathias.schreiber at wmdb.de
Fri May 15 23:51:33 CEST 2009
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=11089
Branches:
TYPO3_4-2 & trunk
Problem:
Session fixation bugfix breaks the built-in shoppping basket
Solution:
Remove the check for $this->cookieId === $this->id and only check for
$this->cookieId.
Notes:
We are not sure if this implies any other security issues by removing
the check.
Security team: Please advise.
cheers
Mathias
More information about the TYPO3-team-core
mailing list