Project

General

Profile

Actions
Copy link

Bug #59614

closed

The property newSessionID is used in a wrong context in AbstractUserAuthentication

Added by Helmut Hummel almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-06-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The fix for #57751 was to force the cookie to be set again although it was
deleted in the same request again (when an anonymous session was already present), but setting the internal property
->newSessionID to true (later in the request in ->setSessionCookie() it is checked whether a cookie needs to be set).

The fix introduced for #58713 tackled the issue that the cookie is unexpectedly deleted
when an anonymous session is present and a login attempt failed.
By fixing #58713 the issue in #57751 is also fixed, so we do not need to abuse the
->newSessionID to force the cookie to be set and can rely on this property only to be set
when actually a new session ID is generated.

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #57751: Felogin session not setClosedMarkus Klein2014-04-08

Actions
Related to TYPO3 Core - Bug #58713: Failed feuser login removes the existing session dataClosed2014-05-12

Actions
Actions
Copy link
 #1

Updated by Gerrit Code Review almost 10 years ago

  • Status changed from New to Under Review

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30753

Actions
Copy link
 #2

Updated by Helmut Hummel almost 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF