[TYPO3-core] RFC: 11089 Fixing the built-in shopping basket
Mathias Schreiber [wmdb >]
mathias.schreiber at wmdb.de
Wed May 20 15:21:59 CEST 2009
Helmut Hummel wrote:
> I confirm that the proposed patch works and is a straightforward
> solution. The intention of the check in record_registration in my
> understanding was to check if the Session-ID fetched from the cookie (or
> a special GET variable) is "valid" (in the sense that it is the same as the
> Session-ID currently used).
>
> I don't see why this check is needed, since there's no way to avoid that
> a client that uses a proper ID may be a bot or script or the like. The
> ID is provided by TYPO3 and can easily be used by _any_ client.
>
> Only the comment above should be removed also, when making this change.
> So if this will be fixed during the commit I'll give my +1 by reading
> and testing.
I left the check for $cookieId in, so if someone wants to flood the
session tables he/she at least needs to make cookies work, which is
pretty boring on the shell.
cheers
Mathias
--
TYPO3 certified integrator
T3DD09 Entertainer