Bug #28948
closed
Session is always started
Added by Christopher Hlubek over 12 years ago.
Updated over 12 years ago.
Description
We have severe problems with fb_magento
after a recent change in TYPO3 4.5.4. The problem is, that the session is started before Magento is initialized.
I don't see any option in TYPO3 to disable the call to session_start or the FE user initialization at all.
I consider this as a bug, since in some setups you don't want a PHP session (e.g. websites without FE users and session storage) for performance reasons.
- Status changed from New to Needs Feedback
This change was part of a security update. I don't think it will be reverted.
I don't see the problem reported in the typogento bugtracker; in fact there isn't much activity there (latest version is over a year old and that means that there have been new TYPO3 major versions since then).
I don't consider it a bug that TYPO3 starts a session for a user who is not logged in. The problem is probably within the extension.
Can you provide more information why exactly the extension has to rely on the fact that no PHP session was started?
- Status changed from Needs Feedback to Accepted
- Target version set to 4.5.6
Jigal van Hemert wrote:
I don't consider it a bug that TYPO3 starts a session for a user who is not logged in. The problem is probably within the extension.
No, it's not:
- sessions are now started even in command line mode
- it's not possible to have "cookie free domains" (append the session ID to the URL parameters is not an option for security reasons)
Since you both mention a change but don't name it i guess you're talking about 281713c3?
- Status changed from Accepted to Closed
Also available in: Atom
PDF