[TYPO3-core] RFC #0013938: Backend session is locked to useragent

[Markus Klein]

REMINDER #3

Please, can some core dev finally take care of this one? Thx.
 
Regards
Markus

> -----Original Message-----
> From: typo3-team-core-bounces at lists.typo3.org [mailto:typo3-team-core-
> bounces at lists.typo3.org] On Behalf Of Markus Klein
> Sent: Wednesday, December 01, 2010 9:28 AM
> To: 'TYPO3 core team'
> Subject: Re: [TYPO3-core] RFC #0013938: Backend session is locked to
> useragent
> 
> REMINDER #2
> 
> Regards
> Markus
> 
> 
> > Subject: Re: [TYPO3-core] RFC #0013938: Backend session is locked to
> > useragent
> >
> > Please, put this one into 4.5beta1!
> >
> > Thx a lot
> > Markus
> >
> > > On 03.09.10 23:14, Helmut Hummel wrote:
> > > >
> > > > On 03.09.10 21:00, Helmut Hummel wrote:
> > > >
> > > >> Additionally I moved the setting of lockHashKeyWords a bit down
> > > >> because it was inbetween session id retrieving/ generation.
> > >
> > > Reminder
> > >
> > > This is easy to test:
> > >
> > > 1. Install the firefox plugin user agent switcher
> > > https://addons.mozilla.org/de/firefox/addon/59/
> > >
> > > 2. Log into the backend
> > > 3. Change the user agent -> you are logged out 4. Change the intall
> > > tool setting for the backend to an empty string 5. Log in, change user
> > > agent,
> > see
> > > that you are not logged out any more
> > >
> > >
> > > Once this is in, I will come up with another RFC, changing the
> > > default, so
> > that
> > > this additional locking will be removed (as discussed in the Security
> > Team).
> > >
> > > Regards Helmut
> 
> _______________________________________________
> Before posting to this list, please have a look to the posting rules
> on the following websites:
> 
> http://typo3.org/teams/core/core-mailinglist-rules/
> http://typo3.org/development/bug-fixing/diff-and-patch/
> _______________________________________________
> TYPO3-team-core mailing list
> TYPO3-team-core at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-team-core