[BUGFIX] Don't unnecessarily start PHP session
author Helmut Hummel <helmut.hummel@typo3.org>
Sat, 17 Sep 2011 15:59:51 +0000 (17:59 +0200)
committer Jigal van Hemert <jigal@xs4all.nl>
Mon, 19 Sep 2011 19:24:32 +0000 (21:24 +0200)
commit 3e18ab8726e5586d9ef8888ffce49a6cf7e03b53
tree 45a6134cfcb0542c4b2afaafe2ee301bf3267283
parent 8bad4620b4a0c44369f559a4c82d4ed0497532ce
[BUGFIX] Don't unnecessarily start PHP session

Because of an information disclosure problem in the backend login
we moved the session_start() in t3lib_userauth in a place which caused
unwanted side effects with 3rd party extensions.

Revert that change to avoid compatibility and performance problems
and instead send no cache headers earlier in t3lib_userauth
to also fix the information disclosure.

Releases: 4.3, 4.4, 4.5, 4.6
Resolves: #29274
Related: #24456, #28694

Change-Id: I87226a21d9b1955773ceb3c377fa1b4c9938e6b2
Reviewed-on: http://review.typo3.org/5007
Reviewed-by: Christopher Hlubek
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
Reviewed-by: Xavier Perseguers
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
t3lib/class.t3lib_userauth.php