[TYPO3-core] Session handling
Stefan Terborg
terborg at simplethings.de
Thu Mar 5 11:32:25 CET 2015
Hello,
I posted this in the Dev mailing list but got no answer, and maybe it is better placed here, so I try.
In a pentest for a customer, session fixation turned up as a subject.
I did a bit of research through mailing lists and Forge and found a lot of stuff concerning the session fixation bugfix and regression from 2009.
Further on I found this statement from the Core mailing list:
http://lists.typo3.org/pipermail/typo3-team-core/2013-February/053496.html
where a more advanced session handling is mentioned.
Has there been any development in this case?
Especially the renewal of the session id at access level change would be something interesting.
Regards,
Stefan Terborg
PS: The following pages are not found anymore but appear in the welcome message for this list:
http://typo3.org/teams/core/core-mailinglist-rules/
http://typo3.org/development/bug-fixing/diff-and-patch/