[TYPO3-core] RFC #0013938: Backend session is locked to useragent
Markus Klein
m.klein at mfc-linz.at
Wed Nov 17 22:14:54 CET 2010
Please, put this one into 4.5beta1!
Thx a lot
Markus
> On 03.09.10 23:14, Helmut Hummel wrote:
> >
> > On 03.09.10 21:00, Helmut Hummel wrote:
> >
> >> Additionally I moved the setting of lockHashKeyWords a bit down
> >> because it was inbetween session id retrieving/ generation.
>
> Reminder
>
> This is easy to test:
>
> 1. Install the firefox plugin user agent switcher
> https://addons.mozilla.org/de/firefox/addon/59/
>
> 2. Log into the backend
> 3. Change the user agent -> you are logged out 4. Change the intall tool
> setting for the backend to an empty string 5. Log in, change user agent,
see
> that you are not logged out any more
>
>
> Once this is in, I will come up with another RFC, changing the default, so
that
> this additional locking will be removed (as discussed in the Security
Team).
>
> Regards Helmut
More information about the TYPO3-team-core
mailing list