Commit 20a82fc0 authored by Helmut Hummel's avatar Helmut Hummel Committed by Helmut Hummel
Browse files

[BUGFIX] Update session id in user property

The session id is also additionally stored in the
user property array in AbstractUserAuthentication.
When regenerating the session id, we must update the
session id in this user property as well, otherwise
it leads to failures in session handling (like #69763).

The workaround introduce for #69763 can stay, because
it mitigates other reasons for invalid tokens in the URL
by redirecting to the login page.

Resolves: #78739
Related: #69763
Releases: master, 7.6, 6.2
Change-Id: Ib58e6b5dacae3b9e431e662e214557411fd668f3
Reviewed-on: https://review.typo3.org/50701

Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: Stephan Großberndt's avatarStephan Großberndt <stephan@grossberndt.de>
Reviewed-by: default avatarJoerg Boesche <typo3@joergboesche.de>
Reviewed-by: default avatarDaniel Goerz <ervaude@gmail.com>
Reviewed-by: Helmut Hummel's avatarHelmut Hummel <typo3@helhum.io>
Tested-by: Helmut Hummel's avatarHelmut Hummel <typo3@helhum.io>
parent f64b639a
......@@ -832,6 +832,7 @@ abstract class AbstractUserAuthentication
['ses_id' => $this->id],
['ses_id' => $oldSessionId, 'ses_name' => $this->name]
);
$this->user['ses_id'] = $this->id;
$this->newSessionID = true;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment