Bug #28900

All links have Parameter PHPSESSID at first load of website URL

Added by Manfred Langhammer over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Won't have this time
Category:
-
Target version:
-
Start date:
2011-08-10
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Since Typo3 4.5.4 if a website is called the first time in the browser (= php tries to set the session cookie PHPSESSID the first time) all links are appended wit a URL Parameter "?PHPSESSID=xxxx"
It seems that this is the "default" behaviour of php if php does not know if a session cookie could be set. However this does not happen if I change the Typo3 version of this website back to 4.5.3.
This happens without login in backend or frontend and with all browsers I testes (= Firefox, IE, Safari, Opera, Chrome)

Ways to reproduce:
1) Change typo3_src to 4.5.4
2) Delete all session cookies in the browser before loading the URL
3) Load the URL -> All links are appended with PHPSESSID parameter, after reload of the page the Parameter dissappears (as the cookie is set now), if I deactivate cookies the PHPSESSID Parameter is added permanently.
4) Change typo3_src to 4.5.3
5) Delete all session cookies in the browser before loading the URL
6) Load the URL -> NO PHPSESSID parameter

This is a big problem from my point of view because the links with the PHPSESSID also appear in search engine result links. And the HTML does not validate with this Link Parameters.

I found the following report of another user reporting this issue: http://old.nabble.com/after-typo3-upgrade-to-4.5.4-PHPSESSID-is-shown-in-browser-url-td32192989.html


Related issues

Related to TYPO3 Core - Bug #29274: Regression on session handling for security fixClosedHelmut Hummel2011-08-26

Actions
Related to TYPO3 Core - Bug #24456: Information disclosure during backend loginClosed2011-01-03

Actions
Has duplicate TYPO3 Core - Bug #29021: PHPSESSID is displayed in browser URLClosed2011-08-16

Actions

Also available in: Atom PDF