* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
* Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
+ * Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
2010-07-27 Steffen Kamper <steffen@typo3.org>
*/
public function startSession() {
$_SESSION['created'] = time();
-
- return session_id();
+ // Be sure to use our own session id, so create a new one
+ return $this->renewSession();
}
/**
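Review bot: The new inline comment in startSession() says what happens but not which threat it addresses, and the method's return value now depends entirely on renewSession(), whose body is not visible in this hunk. I would word the comment as `// Never continue under an id the client supplied before the session was started (session fixation); always switch to a freshly generated id`. The docblock above the method lies outside the hunk; it should state that the returned id is the renewed one. It is also worth confirming that renewSession() preserves `$_SESSION['created']`, which is written just before the call, and that it invalidates the stored record for the old id.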
$_SESSION['lastSessionId'] = time();
$_SESSION['tstamp'] = time();
$_SESSION['expires'] = (time() + ($this->expireTimeInMinutes*60));
+ // Renew the session id to avoid session fixation
+ $this->renewSession();
}
/**
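Review bot: The added `$this->renewSession();` runs only after `lastSessionId`, `tstamp` and `expires` have been written, and its result is discarded, so a failed renewal leaves the refreshed session state bound to the previous id without any signal. renewSession() is not visible here; if it wraps session_regenerate_id(), that call can fail once output has started. I would move the call to the top of the method and refuse to continue when the id did not change, for example by comparing `session_id()` before and after the call. The method's signature and docblock are outside this hunk, so I cannot tell whether other state is set earlier in the body.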