[BUGFIX] Improve check for started session in rsaauth
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 25 Sep 2011 10:54:31 +0000 (12:54 +0200)
committerHelmut Hummel <typo3@helmut-hummel.de>
Sat, 22 Oct 2011 12:27:48 +0000 (14:27 +0200)
Checking if the superglobal $_SESSION is an array is not reliable.
Change the check to use session_id() which is an empty string
if the session has not been started.

Resolves: #30270
Releases: 4.3, 4.4, 4.5, 4.6

Change-Id: I00d03ae70f3953e8efa3c5c473efa1852ba4c5ec
Reviewed-on: http://review.typo3.org/6190
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/rsaauth/sv1/storage/class.tx_rsaauth_split_storage.php

index b67aaca..86b283b 100644 (file)
@@ -47,7 +47,7 @@ class tx_rsaauth_split_storage extends tx_rsaauth_abstract_storage {
         * @return      void
         */
        public function __construct() {
-               if (!isset($_SESSION) || !is_array($_SESSION)) {
+               if (session_id() === '') {
                        session_start();
                }
        }