[TYPO3-core] RFC #13938: Backend session is locked to useragent
Markus Klein
m.klein at mfc-linz.at
Thu Sep 2 22:45:25 CEST 2010
Hi Steffen.
First , thx for taking care about this one. I'm now writing on behalf of
Bjoern. (@Bjoern: I hope you don't mind.)
At first which is most important: You have to install Firebug AND Fire PHP
(adds a blue bug icon to the Fire Bug console).
(Background: Fire PHP modifies the user-agent in order to signal a possibly
present Fire PHP server library, that it can send the specific http headers)
Side note: I think Fire PHP is really useful. There're extensions to
integrate it into TYPO3 DLOG.
_How to test_
cenario 2: Make sure Fire PHP is switched off. Login to Backend. Enable Fire
PHP. Do any action in the Backend and you'll be logged out again.
_The solution_
There is this member "$lockHashKeyWords" in class t3lib_userauth. It is
initalized with the value 'useragent' but this value cannot / is not changed
from outside.
The same concept and an installer option exists for the FE, which changes
the behaviour for fe_users.
Bjoern so just adds this option for BE as well.
Regards
Markus
> -----Original Message-----
> From: typo3-team-core-bounces at lists.typo3.org [mailto:typo3-team-core-
> bounces at lists.typo3.org] On Behalf Of Steffen Kamper
> Sent: Thursday, September 02, 2010 10:25 PM
> To: typo3-team-core at lists.typo3.org
> Subject: Re: [TYPO3-core] RFC #13938: Backend session is locked to
> useragent
>
> Hi,
>
> first you get more chances that anyone look to this RFC by setting a
proper
> title, see my post title.
>
> Second, briefly, i don't understand what the patch does by reading. And
the
> description don't help me understanding. And how to test, i don't know
what
> to test.
> Please try to give an example how to reproduce the logout, FB is opened in
> my case in 90% of testing anyways and i didn't had a logout yet.
>
> This are tips to get such patch in, as the current situation needs own
analysis
> of code and behaviour which seems time-cinsuming.
>
> vg Steffen
> _______________________________________________
> Before posting to this list, please have a look to the posting rules on
the
> following websites:
>
> http://typo3.org/teams/core/core-mailinglist-rules/
> http://typo3.org/development/bug-fixing/diff-and-patch/
> _______________________________________________
> TYPO3-team-core mailing list
> TYPO3-team-core at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-team-core
More information about the TYPO3-team-core
mailing list