[TYPO3-core] Session handling
terborg at simplethings.de
Thu Mar 5 11:32:25 CET 2015
I posted this in the Dev mailing list but got no answer, and maybe it is better placed here, so I'll try.
In a pentest for a customer, session fixation turned up as a subject.
I did a bit of research through mailing lists and Forge and found a lot of stuff concerning the session fixation bugfix and regression from 2009.
Further on I found this statement from the Core mailing list:
where a more advanced session handling is mentioned.
Has there been any development in this case?
Especially the renewal of the session id at access level change would be something interesting.
PS: The following pages are not found anymore but appear in the welcome message for this list: