[TYPO3-core] Session handling

Stefan Terborg terborg at simplethings.de
Thu Mar 5 11:32:25 CET 2015


I posted this in the Dev mailinglist but got no answer and maybe it is better placed here, so I try.

In a Pentest for a customer session fixation turned up as a subject.

I did a bit of research through mailinglists and forge and found a lot of stuff concerning the session fixation bugfix and regression from 2009.

Further on I found this statement from the Core mailing list:


where a more advanced session handling is mentioned.

Has there been any development in this case?
Especially the renewal of the session id at access level change would be something interesting.

Stefan Terborg

PS: The following pages are not found anymore but appear in the welcome message for this list:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20150305/34fb2dec/attachment.htm>

More information about the TYPO3-team-core mailing list