[TYPO3-core] Re: Re: Regression in 4.5.23

Mathias Schreiber mathias.schreiber at wmdb.de
Thu Feb 21 12:23:58 CET 2013


Quote: Lorenz Ulrich wrote on Tue, 19 February 2013 22:45
> We all know it's much more convenient to rant a little bit in the 
> mailing list...

I have to admit that I consider it much more convenient to not have patches break stuff that has been around since TYPO3 3.2beta1 and that has never been marked deprecated.

Even more disturbing:
All this dates back to 4.2 or 4.3 (not sure which one it was) where the whole "session-gate" problem kept a LOT of people busy without a practical result.

The problem was to randomize sessionKeys in order to improve security.
On the other hand all randomization was halted as soon as data was stored.
So basically the "fix" secures all your data as long as you don't have any, just to stick to the old way (insecure) once you have data.

You don't really have to be a genius to see that this is... well... ineffective, to be politically correct.
Breaking session handling AGAIN is just even more ineffective.

So please bear with the people who have been through all this already and are starting to lose their temper.

In regards to "always test new version blabla":
Since a FIX (!) should NEVER EVER break (!) existing behaviour I hereby revoke your argument.

My solution:
If it ain't broken - don't fix it.
If it is broken - fix it properly.

And this is why people rant.
If session handling had been messed up all the time, everybody would be calm.
If you break stuff that worked before, people get angry because it costs them money.
The session-gate back in the day cost us about 10 grand - just because somebody didn't know what he was doing.

Just to explain why people get angry - maybe you can relate somehow and cut them some slack.


