Project

General

Profile

Actions

Bug #59614

closed

The property newSessionID is used in a wrong context in AbstractUserAuthentication

Added by Helmut Hummel over 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-06-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The fix for #57751 was to force the cookie to be set again although it was
deleted in the same request again (when an anonymous session was already present), but setting the internal property
->newSessionID to true (later in the request in ->setSessionCookie() it is checked whether a cookie needs to be set).

The fix introduced for #58713 tackled the issue that the cookie is unexpectedly deleted
when an anonymous session is present and a login attempt failed.
By fixing #58713 the issue in #57751 is also fixed, so we do not need to abuse the
->newSessionID to force the cookie to be set and can rely on this property only to be set
when actually a new session ID is generated.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #57751: Felogin session not setClosedMarkus Klein2014-04-08

Actions
Related to TYPO3 Core - Bug #58713: Failed feuser login removes the existing session dataClosed2014-05-12

Actions
Actions

Also available in: Atom PDF