Fixed bug #9384: FE session hijacking

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@4155 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 01fa4aa..43804bc 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2008-09-20  Dmitry Dulepov  <dmitry@typo3.org>
+
+       * Fixed bug #9384: FE session hijacking
+
 2008-09-19  Benjamin Mack  <benni@typo3.org>
 
        * Fixed bug #9393: Cosmetic Code Cleanup for the cms sysext

diff --git a/typo3/sysext/cms/tslib/class.tslib_feuserauth.php b/typo3/sysext/cms/tslib/class.tslib_feuserauth.php
index 1ffd4e0..a996046 100644 (file)
--- a/typo3/sysext/cms/tslib/class.tslib_feuserauth.php
+++ b/typo3/sysext/cms/tslib/class.tslib_feuserauth.php
@@ -107,7 +107,6 @@ class tslib_feUserAuth extends t3lib_userAuth {
        var $lifetime = 0;                              // Client session lifetime. 0 = Session-cookies. If session-cookies, the browser will stop the session when the browser is closed. Otherwise this specifies the lifetime of a cookie that keeps the session.
        var $sendNoCacheHeaders = 0;
        var $getFallBack = 1;                                           // If this is set, authentication is also accepted by the _GET. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones
-       var $hash_length = 10;
        var $getMethodEnabled = 1;                                      // Login may be supplied by url.
 
        var $usergroup_column = 'usergroup';