[BUGFIX] Improve check for started session in rsaauth
authorHelmut Hummel <helmut.hummel@typo3.org>
Sun, 25 Sep 2011 10:54:31 +0000 (12:54 +0200)
committerJigal van Hemert <jigal@xs4all.nl>
Fri, 21 Oct 2011 20:17:20 +0000 (22:17 +0200)
Checking if the superglobal $_SESSION is an array is not reliable.
Change the check to use session_id() which is an empty string
if the session has not been started.

Change-Id: Iac913beee5af40d28c17ade6a8bfa17df4da2374
Resolves: #30270
Releases: 4.3, 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/5314
Reviewed-by: Oliver Klee
Reviewed-by: Jigal van Hemert
Reviewed-by: Zach Davis
Tested-by: Zach Davis
Tested-by: Jigal van Hemert
typo3/sysext/rsaauth/sv1/storage/class.tx_rsaauth_split_storage.php

index a6e3db0..669db05 100644 (file)
@@ -40,7 +40,7 @@ class tx_rsaauth_split_storage extends tx_rsaauth_abstract_storage {
         * @return      void
         */
        public function __construct() {
-               if (!isset($_SESSION) || !is_array($_SESSION)) {
+               if (session_id() === '') {
                        session_start();
                }
        }