Project

General

Profile

Actions

Feature #14986

closed

Check if session_support is enabled in PHP

Added by Ingo Schmitt over 18 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Should have
Category:
Install Tool
Target version:
-
Start date:
2005-09-21
Due date:
% Done:

0%

Estimated time:
PHP Version:
4
Tags:
Complexity:
Sprint Focus:

Description

The Installtool does not check, if session_support is enabled in php.
Session support shoudl be enabled by php

(issue imported from #M1474)


Files

patch_installtool_session_support.txt (1.32 KB) patch_installtool_session_support.txt Administrator Admin, 2006-08-12 14:54

Related issues 4 (0 open4 closed)

Related to TYPO3 Core - Bug #16117: After The Update from 3.7.0 to 3.8.1 the session_start() - comman does not work anymoreClosed2006-05-03

Actions
Related to TYPO3 Core - Bug #15467: no login to backend possibleClosedMichael Stucki2006-01-20

Actions
Related to TYPO3 Core - Bug #15944: Backend Login not possibleClosedIngo Renner2006-03-29

Actions
Related to TYPO3 Core - Feature #65099: Check if session-handling is workingClosed2015-02-16

Actions
Actions #1

Updated by Michael Scharkow over 18 years ago

Could you elaborate on why this check is necessary?

Actions #2

Updated by Ingo Schmitt over 18 years ago

typo3/index.php relays on the global SESSIOn object (line 239 ff..

// Save challenge value in session data (thanks to Bernhard Kraft for providing code):
session_start();
$_SESSION['login_challenge'] = $challenge;

class.t3lib.user_auth.php, also Line 971 ff

Actions #3

Updated by Ingo Schmitt about 18 years ago

Will this be fixed in RC2?

Actions #4

Updated by Ingo Schmitt over 17 years ago

See Attached patch for fix, or revision 1682 in t3dd SVN Repository

Actions #5

Updated by Martin Kutschker about 17 years ago

I think that we could create a workaround for that and no rely on PHP sessions.

Actions #6

Updated by Michael Stucki about 17 years ago

Martin: Why should we add an own implementation when there is a common used PHP module for that?

Actions #7

Updated by Ingo Schmitt about 17 years ago

If TYPO3 relays on Session support it should be tested and documentated in the System requirements, if the code is changed to not relay on session support it will be great :-)

Actions #8

Updated by Martin Kutschker about 17 years ago

Michael, I'd try to avoid a new dependency if possible. IMHO it's not too hard to store one value during login by ourselves.

But of course we could use PHP sessions, but why does TYPO3 offer a DB based one of it's own?

The "only" majaor flaw of TYPO3's session handling is that it issues a new session id, but does not store it in the DB. If it did could store the challenge there.

Any stale sessions could be cleaned as usual.

Actions #9

Updated by Michael Stucki about 17 years ago

Martin, the session requirement was there since ages, so there is no new dependency added by this.

If you think it will be easy to solve this different, please let me know. Otherwise I just agree with Ingo that the check should be added...

Actions #10

Updated by Martin Kutschker about 17 years ago

Hehe, seems I never disabed session support then. Well, for 4.1 (and possibly 4.0) we better add the check then.

Maybe I or someone else can write a fallback (or a changed session handling) for 4.2.

Actions #11

Updated by Michael Stucki almost 17 years ago

Fixed in Trunk

Actions

Also available in: Atom PDF