Session data not cleared on logout
A FE user logs in, I set some session data that gets saved in
fe_session_data. Now the user logs out, another FE user logs in (same
browser, same machine, a second later).
This new user has the same session data as the one that just logged out. So
logoff() deletes the data from fe_sessions, but fe_session_data is only
cleaned with a 1% chance, not during logoff.
Obviously this needs to be changed, as session data should not persist.
(issue imported from #M1252)
Updated by Karsten Dambekalns over 16 years ago
Not a bug as such. First of all, this is documented behaviour (see http://typo3.org/documentation/document-library/doc_core_tsref/Storing_user_data_or/). And there is a way to work around this: by using getSessionData() and setAndSaveSessionData() instead.
Updated by Sebastian Mendel about 10 years ago
New link to dev list thread: http://lists.typo3.org/pipermail/typo3-dev/2005-June/011090.html