[TYPO3-core] RFC #0013938: Backend session is locked to useragent
Marcus Krause
marcus#exp2010 at t3sec.info
Fri Sep 3 12:03:24 CEST 2010
Björn Pedersen schrieb am 09/03/2010 11:49 AM Uhr:
> Am 03.09.2010 11:01, schrieb Markus Klein:
>> How do you intend to do that? I think it's not a good way to check specific
>> things a base class, which are subject to the specialized classes.
>> So no references to $GLOBALS['TYPO3_CONF_VARS']['BE'] in class
>> t3lib_userAuth.
>> (I know that there's already some code that uses BE settings, but we
>> shouldn't make it worse.)
>
> No it will be kept generic, the checks can be based on login_type.
> [...]
> The complete patch is v5.
> Advantages: Just one central place to check and set the options. Avoids
> the risk, that a be/fe_user instance is created manually and the
> lockIP/lockHashKeyWords are not set. Currently a
> makeInstance(beuser/feuser) is not enough. You have to remember to set
> all the options as it is done e.g. in tslib_fe.
v5 might break behavior if BE session is run in context of FE and vice
versa. But I don't know if such use case actually exists.
So this is just to have it mentioned here.
Marcus.
More information about the TYPO3-team-core
mailing list