[TYPO3-core] RFC #0013938: Backend session is locked to useragent
Markus Klein
m.klein at mfc-linz.at
Wed Dec 1 09:28:11 CET 2010
REMINDER #2
Regards
Markus
> Subject: Re: [TYPO3-core] RFC #0013938: Backend session is locked to
> useragent
>
> Please, put this one into 4.5beta1!
>
> Thx a lot
> Markus
>
> > On 03.09.10 23:14, Helmut Hummel wrote:
> > >
> > > On 03.09.10 21:00, Helmut Hummel wrote:
> > >
> > >> Additionally I moved the setting of lockHashKeyWords a bit down
> > >> because it was inbetween session id retrieving/ generation.
> >
> > Reminder
> >
> > This is easy to test:
> >
> > 1. Install the firefox plugin user agent switcher
> > https://addons.mozilla.org/de/firefox/addon/59/
> >
> > 2. Log into the backend
> > 3. Change the user agent -> you are logged out 4. Change the intall
> > tool setting for the backend to an empty string 5. Log in, change user
> > agent,
> see
> > that you are not logged out any more
> >
> >
> > Once this is in, I will come up with another RFC, changing the
> > default, so
> that
> > this additional locking will be removed (as discussed in the Security
> Team).
> >
> > Regards Helmut
More information about the TYPO3-team-core
mailing list