[TYPO3-core] RFC #14367: Install Tool does not provide a logout possibility
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed May 12 14:50:37 CEST 2010
Steffen Kamper schrieb am 12.05.2010 13:32:
> Hi Ernesto,
>
> Ernesto Baschny [cron IT] schrieb:
>> Hi,
>>
>> the whole session-handling goes through $this->session, which is handled
>> in tx_install_session.
>>
>> So please add the destroy() method to the session class, to guarantee
>> that all session related stuff happens there, allowing that class to be
>> easily replaced.
>>
>
>
> valid one.
> Looking to session class i stumbled on method "destroy" - it only
> deletes a session file, but don't destroy the session. Sloppy integration?
Steffen, I would say "sloppy looking" on your side. Read the code again.
The destroy() implements the handler for the session_destroy(). We use
PHP sessions, but implement our own routines. The fact that we use PHP
sessions was decided some time ago, but we cannot use the PHP default
routines because they are a) unsafe in standard config and b) unflexible.
So we should implement a "public" API function to destroy the session
which calls session_destroy(), which on its own will call our private
destroy() implementation.
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list