Bug #43110

FlowSession: renewId() looses data of existing session

Added by Robert Lemke almost 9 years ago. Updated almost 9 years ago.

Status:
Resolved
Priority:
Must have
Assignee:
Category:
Session
Start date:
2012-11-19
Due date:
% Done:

100%

Estimated time:
PHP Version:
5.3
Has patch:
No
Complexity:
medium

Description

Using FlowSession, on renewing the session identifier (for example after an authenticate() call), some session data seems to get lost, most importantly the security context.

This is due to the current implementation of renewId() which loads (ie. unserializes) all current session data in order to store it to cache entries with the new session id. This effectively overwrites any security context or other session-scoped object currently in memory with the state found in the old cache entry.

#1

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16575

#2

Updated by Robert Lemke almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF