[BUGFIX] Update session id in user property 02/50702/2
authorHelmut Hummel <info@helhum.io>
Thu, 17 Nov 2016 23:56:47 +0000 (23:56 +0000)
committerHelmut Hummel <typo3@helhum.io>
Fri, 18 Nov 2016 14:38:50 +0000 (15:38 +0100)
commit9a0d485db01477fca1e39be9abec110fe973f6e8
treeeb9aef9cd4844d19e12ce2d5f3add167ee448027
parent400e20021327fd676b0d6f7602918a4319d11577
[BUGFIX] Update session id in user property

The session id is also additionally stored in the
user property array in AbstractUserAuthentication.
When regenerating the session id, we must update the
session id in this user property as well, otherwise
it leads to failures in session handling (like #69763).

The workaround introduce for #69763 can stay, because
it mitigates other reasons for invalid tokens in the URL
by redirecting to the login page.

Resolves: #78739
Related: #69763
Releases: master, 7.6, 6.2
Change-Id: Ib58e6b5dacae3b9e431e662e214557411fd668f3
Reviewed-on: https://review.typo3.org/50702
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Helmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel <typo3@helhum.io>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php