[BUGFIX] Don't unnecessarily start PHP session
authorHelmut Hummel <helmut.hummel@typo3.org>
Sat, 17 Sep 2011 15:59:51 +0000 (17:59 +0200)
committerHelmut Hummel <typo3@helmut-hummel.de>
Mon, 19 Sep 2011 19:41:15 +0000 (21:41 +0200)
commit3863b1be2b3837c9924ce991919e1e89e6cfad26
treee7800a2e7df4f1e43cd1f1c5147e350c02637b24
parent530f06375e78ab4d4485dd92c1cb7b7bcffd4bc3
[BUGFIX] Don't unnecessarily start PHP session

Because of an information disclosure problem in the backend login
we moved the session_start() in t3lib_userauth in a place which caused
unwanted side effects with 3rd party extensions.

Revert that change to avoid compatibility and performance problems
and instead send no cache headers earlier in t3lib_userauth
to also fix the information disclosure.

Releases: 4.3, 4.4, 4.5, 4.6
Resolves: #29274
Related: #24456, #28694

Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2
Reviewed-on: http://review.typo3.org/5070
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
t3lib/class.t3lib_userauth.php