Bug #14847: Session data not cleared on logout - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #14847

closed

Session data not cleared on logout

Added by Karsten Dambekalns almost 19 years ago. Updated over 12 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Karsten Dambekalns

Category:

Target version:

Start date:

2005-06-30

Due date:

% Done:

Estimated time:

TYPO3 Version:

3.7.1

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

A FE user logs in, I set some session data that get's saved in
fe_sesson_data. Now the user logs out, another FE user logs in (same
browser, same machine, a second later).

This new user has the same session data as the one that just logged out. So
logoff() deletes the data from fe_sessions, but fe_session_data is only
cleaned with a 1% chance, not during logoff.

Obviously this needs to be changed, as session data should not persist.

http://typo3.org/documentation/mailing-lists/dev-list-archive/thread/110129500/
(issue imported from #M1252)