Hi,
this change is already visible in public SVN and will be published in next beta
release. Small overview about change – session regeneration is forced in
oxcmp_user::_afterLogin():
...
if ( $this->getLoginStatus() === USER_LOGIN_SUCCESS ) {
$oSession->regenerateSessionId();
}
...
Arvydas Vapsva
From: Chris Jolly
Sent: Wednesday, March 09, 2011 7:54 PM
To: [email protected]
Subject: Re: [oxid-dev-general] Important information
Hi Dainius,
is this code change already visible in the latest beta release of 4.5 ? Some of
our modules will need to be updated to support this. We need to see the changed
Session ID code to see how complex it is to make the necessary changes in our
modules.
Thanks and regards,
Chris Jolly
--------------------------------------------------------------------------------
From: Dainius Bigelis <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Wed, March 9, 2011 4:52:04 PM
Subject: Re: [oxid-dev-general] Important information
Hi,
... as you asked - we got an idea :)
We already announced some quite important changes in API fo eShop upcomming in
the 4.5.0 version. So now we thought that this change (regenerating session ID)
also can be implemented in version 4.5.0 and developers would be able to check
their modules for all changes at once. Should be less work for you in total...
And we hope that several weeks are enough to check/apply your modules just
because change in session handling, so we are going to implement this change in
4.5.0.
Please tell if it's not enough time and you need some half a year for that.
Best regards,
Dainius Bigelis
________________________________________
From: [email protected]
[[email protected]] on behalf of Arvydas
[[email protected]]
Sent: Tuesday, March 08, 2011 3:35 PM
To: [email protected]
Subject: Re: [oxid-dev-general] Important information
Yes, informing you to be ready for that in near future.
Arvydas Vapsva
-----Pirminis laiškas-----
From: Tobias Merkl
Sent: Tuesday, March 08, 2011 3:31 PM
To: [email protected]
Subject: Re: [oxid-dev-general] Important information
Did you really mean 4.6?
-----Ursprüngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von Arvydas
Gesendet: Dienstag, 8. März 2011 14:22
An: [email protected]
Betreff: [oxid-dev-general] Important information
Hi everybody,
Important information for module developers, partners.
Version 4.6 comes with improvements in session handling logic. One of the
major change
will be forced (on user registration, login etc.) usage of
session_regenerate_id() function,
which regenerates active session id.
Review your modules if this change may affect existing modules.
Regards
Arvydas Vapsva
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
--------------------------------------------------------------------------------
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
