Skip to content
Snippets Groups Projects
Commit 3e18ab87 authored by Helmut Hummel's avatar Helmut Hummel Committed by Jigal van Hemert
Browse files

[BUGFIX] Don't unnecessarily start PHP session 

Because of an information disclosure problem in the backend login
we moved the session_start() in t3lib_userauth in a place which caused
unwanted side effects with 3rd party extensions.

Revert that change to avoid compatibility and performance problems
and instead send no cache headers earlier in t3lib_userauth 
to also fix the information disclosure.


Releases: 4.3, 4.4, 4.5, 4.6
Resolves: #29274
Related: #24456, #28694

Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2
Reviewed-on: http://review.typo3.org/5007
Reviewed-by: Christopher Hlubek
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Xavier Perseguers
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
parent 8bad4620
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment