[TYPO3-core] RFC #0013938: Backend session is locked to useragent
Helmut Hummel
helmut at typo3.org
Tue Nov 9 12:30:55 CET 2010
Hi,
On 03.09.10 23:14, Helmut Hummel wrote:
>
> On 03.09.10 21:00, Helmut Hummel wrote:
>
>> Additionally I moved the setting of lockHashKeyWords a bit down because
>> it was in between session id retrieving/generation.
Reminder
This is easy to test:
1. Install the Firefox plugin User Agent Switcher
https://addons.mozilla.org/de/firefox/addon/59/
2. Log into the backend
3. Change the user agent -> you are logged out
4. Change the install tool setting for the backend to an empty string
5. Log in, change user agent, see that you are not logged out any more
Once this is in, I will come up with another RFC, changing the default,
so that this additional locking will be removed (as discussed in the
Security Team).
Regards Helmut