Bug #28948
closedSession is always started
0%
Description
We have severe problems with fb_magento
after a recent change in TYPO3 4.5.4. The problem is, that the session is started before Magento is initialized.
I don't see any option in TYPO3 to disable the call to session_start or the FE user initialization at all.
I consider this as a bug, since in some setups you don't want a PHP session (e.g. websites without FE users and session storage) for performance reasons.
Updated by Jigal van Hemert over 13 years ago
- Status changed from New to Needs Feedback
This change was part of a security update. I don't think it will be reverted.
I don't see the problem reported in the typogento bugtracker; in fact there isn't much activity there (latest version is over a year old and that means that there have been new TYPO3 major versions since then).
I don't consider it a bug that TYPO3 starts a session for a user who is not logged in. The problem is probably within the extension.
Can you provide more information why exactly the extension has to rely on the fact that no PHP session was started?
Updated by Thorsten Kahler over 13 years ago
- Status changed from Needs Feedback to Accepted
- Target version set to 4.5.6
Jigal van Hemert wrote:
No, it's not:I don't consider it a bug that TYPO3 starts a session for a user who is not logged in. The problem is probably within the extension.
- sessions are now started even in command line mode
- it's not possible to have "cookie free domains" (append the session ID to the URL parameters is not an option for security reasons)
Since you both mention a change but don't name it i guess you're talking about 281713c3?
Updated by Helmut Hummel over 13 years ago
- Status changed from Accepted to Closed
Closed as duplicate