Bug #46097

Logged in user gets session of an other logged in user

Added by Stephan Herold over 8 years ago. Updated over 8 years ago.

Status:
New
Priority:
Must have
Assignee:
Category:
Session
Target version:
-
Start date:
2013-03-07
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

We (lets say our coustomer) discovered a strange behavior with the session handling.

An logged in user updated an object, was redirected to the 'index' and had the session of an other also logged in user.
It seems like some sort of session hijacking.

Due to the fact, that we work in 'production' mode we could not cover the bug throug logs.
But the projectmanager, wich was informed by the user, confirmed this behavior.

Affacted version typo3/flow-base-distribution dev-master (last updated 15.01.2013).

#1

Updated by Karsten Dambekalns over 8 years ago

Might affect 2.0 as well.

Also available in: Atom PDF