Project

General

Profile

Actions

Bug #22336

closed

Backend session is locked to useragent

Added by Andre Haensel over 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2010-03-29
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When the browser changes the user agent, the user is logged out from backend. There is no configuration option for this.

The useragent string is changed e.g. by Firebug/FirePHP.

The lock provides no security against session hijacking because every attacker who can spoof the session id, can easily forge the useragent string, too.
(issue imported from #M13938)


Files

useragent.patch (4.23 KB) useragent.patch Administrator Admin, 2010-08-27 14:04
0013938_v2.patch (4.22 KB) 0013938_v2.patch Administrator Admin, 2010-08-27 14:28
0013938_v3.patch (2.86 KB) 0013938_v3.patch Administrator Admin, 2010-09-02 19:20
bug13938_v4.patch (2.88 KB) bug13938_v4.patch Administrator Admin, 2010-09-02 23:38

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #22251: Google Chrome Frame Plugin leading to lost sessionsClosedMichael Stucki2010-03-08

Actions
Has duplicate TYPO3 Core - Bug #23053: Typo3 login expiration note shown immediately after logon with Internet ExplorerClosedSteffen Gebert2010-06-30

Actions
Actions

Also available in: Atom PDF