Project

General

Profile

Actions
Copy link

Bug #19916

closed

Session handling - cannot login to >1 TYPO3 installation under one domain

Added by Tomas Mrozek about 15 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Marcus Krause
Category:
-
Target version:
-
Start date:
2009-01-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

With the new session handling introduced in 4.2.4 it is no longer possible to login (at the same time) to two or more TYPO3 installations located in different subfolders of the same (sub)domain.
In other words, access to one installation breaks the session of the other(s).

TYPO3 should handle sessions according to the exact path of the TYPO3 (sub)folder within the domain.

I think that it's a significant change of behavior within the current branch that creates a problem for administrators.
(issue imported from #M10266)

Files

Download all files
10266.diff (6.02 KB) 10266.diff Administrator Admin, 2009-03-15 12:39
10266_v3.diff (6.12 KB) 10266_v3.diff Administrator Admin, 2009-03-22 09:41

Related issues 4 (0 open4 closed)

Related to TYPO3 Core - Bug #19908: session fixation fix avoid BE loginClosedOliver Hader2009-01-25

Actions
Related to TYPO3 Core - Bug #19879: after upgrade from 4.1.7 to 4.1.8 feusers and beusers have to clear there cookie cache before they can loginClosedHelmut Hummel2009-01-21

Actions
Related to TYPO3 Core - Bug #19912: The Bug 0010205 "DB session records are only created when users authenticate " is not solved in Typo 4.2.5 and 4.1.9ClosedHelmut Hummel2009-01-25

Actions
Related to TYPO3 Core - Bug #19883: timout after backend login in 4.2.4ClosedChristian Kuhn2009-01-21

Actions
Actions
Copy link
 #1

Updated by Marcus Krause about 15 years ago

The only possible solution (which isn't implemented and therefore currently not working) is to limit each session id cookie to the subfolder, TYPO3 is existing in.
Example:
example.org/cms1/
example.org/cms2/

Actions
Copy link
 #2

Updated by Thomas Schröder about 15 years ago

I can confirm this behavior with TYPO3 4.2.5, FF3, IE7. Steffens workarround in bug #19908 works also fine for this bug.

Edit: I have to correct me. Steffens workarround #19908 does not solve the problem.

Actions
Copy link
 #3

Updated by Luc Germain about 15 years ago

This problem is also present in 4.1 since 4.1.8.

Actions
Copy link
 #4

Updated by Anonymous about 15 years ago

I can confirm this issue in 4.1.10. Please consider fixing this. Maybe putting additional info into the cookies to distinguish them is possible.

Actions
Copy link
 #5

Updated by Marcus Krause about 15 years ago

added patch that set path parameter to setcookie() calls whenever possible

Actions
Copy link
 #6

Updated by Thomas Schröder about 15 years ago

The patch v3 works fine for me. Tested with 4.2.7-dev and 4.3-dev (latest rel.) on 3 installations.

Actions
Copy link
 #7

Updated by Christian Kuhn about 15 years ago

Committed to

  • 4.1 (r5299)
  • 4.2 (r5300)
  • trunk (r5301)
Actions
Copy link

Also available in: Atom PDF