TYPO3 Forge (http://forge.typo3.org/)
TYPO3 Core - Bug #29927: Remove occurences of session_start()
http://forge.typo3.org/issues/29927?journal_id=86646
2011-09-17T16:04:24Z, Chris topher
<ul><li><strong>Subject</strong> changed from <i>no use of session_start() per default</i> to <i>Remove occurences of session_start()</i></li></ul>
TYPO3 Core - Bug #29927: Remove occurences of session_start()
http://forge.typo3.org/issues/29927?journal_id=86900
2011-09-18T22:09:48Z, Helmut Hummel (typo3@helhum.io)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Needs Feedback</i></li></ul><p>I agree that a PHP session must not be started for every frontend request. This is a bug which is addressed in <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: Regression on session handling for security fix (Closed)" href="http://forge.typo3.org/issues/29274">#29274</a>.</p>
<p>Can you check if the bugfix there solves your issue?</p>
<p>For authentication there is no way around using the PHP session, because the TYPO3 (backend-) session is bound to an authenticated user. <br />In the PHP session the challenge ("normal" be-login, which is btw. the case since version 3.8 or so) or one part of the RSA private key is stored.</p>
<p>I agree that the whole session management needs a cleanup, but this is <br />a) a huge task<br />b) not reasonable to just remove all usage of the PHP session.</p>
<p>So if <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: Regression on session handling for security fix (Closed)" href="http://forge.typo3.org/issues/29274">#29274</a> fixes your problem in the frontend I would rather close this ticket and go for small steps in revamping the session management starting from version 4.7.</p>
TYPO3 Core - Bug #29927: Remove occurences of session_start()
http://forge.typo3.org/issues/29927?journal_id=90702
2011-10-17T20:05:05Z, Christian Kuhn (lolli@schwarzbu.ch)
<ul><li><strong>Status</strong> changed from <i>Needs Feedback</i> to <i>Closed</i></li></ul><p>Closed after a month since the issue is also tackled with the related issue.</p>