Bug #46097
Logged in user gets session of an other logged in user
| Status: | New | Start date: | 2013-03-07 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | Robert Lemke | % Done: | 0% |
|
| Category: | Session | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | Affected Flow version: | Git master |
Description
We (lets say our coustomer) discovered a strange behavior with the session handling.
An logged in user updated an object, was redirected to the 'index' and had the session of an other also logged in user.
It seems like some sort of session hijacking.
Due to the fact, that we work in 'production' mode we could not cover the bug throug logs.
But the projectmanager, wich was informed by the user, confirmed this behavior.
Affacted version typo3/flow-base-distribution dev-master (last updated 15.01.2013).
History
#1 Updated by Karsten Dambekalns over 2 years ago
Might affect 2.0 as well.