Bug #19908

closed

session fixation fix avoid BE login

Added by Steffen Kamper over 15 years ago. Updated over 5 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: -
Target version: -
Start date: 2009-01-25
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.3
PHP Version: 5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

After the fixation fix I can't log in to the BE.
To be more precise:
Login works, but I'm logged out immediately and only get an error box with "Login-error or session timed-out".

If I comment out the fixation check in class.t3lib_userauth.php, line 229, login works again.

(issue imported from #M10257)


Related issues: 5 (0 open, 5 closed)

Related to TYPO3 Core - Bug #19831: Session fixation vulnerability in user authentication (Closed, Marcus Krause, 2009-01-15)
Related to TYPO3 Core - Bug #19912: The Bug 0010205 "DB session records are only created when users authenticate" is not solved in Typo 4.2.5 and 4.1.9 (Closed, Helmut Hummel, 2009-01-25)
Related to TYPO3 Core - Bug #19879: after upgrade from 4.1.7 to 4.1.8 feusers and beusers have to clear there cookie cache before they can login (Closed, Helmut Hummel, 2009-01-21)
Related to TYPO3 Core - Bug #19916: Session handling - cannot login to >1 TYPO3 installation under one domain (Closed, Marcus Krause, 2009-01-26)
Related to TYPO3 Core - Bug #20424: Built In shopping basket is not working (Closed, Benni Mack, 2009-05-14)
#1

Updated by Steffen Kamper over 15 years ago

Problem occurs in trunk (other branches not tested yet).

#2

Updated by Marcus Krause over 15 years ago

Cannot confirm in my specific setup:
FF2, cookie validity set to browser session only, t3sec_saltedpw auth services.

#3

Updated by Steffen Kamper over 15 years ago

I tracked it down, and it was a second cookie that got priority.
Domain was home.local.com.
There was a cookie for .local.com; the written cookie had home.local.com but was ignored.

Only way to get login back was to delete the cookie.

#4

Updated by Ralf Hettinger over 15 years ago

I can confirm this (and it is probably solvable by playing with the conf vars to avoid cookie validity for the whole top level domain): The BE login by default will respect cookies set to the top level domain. Therefore one might recognize inconsistent behaviour (meaning being logged out immediately) if accessing different TYPO3 versions' backends located within the same tld domain, if one backend is < 4.2.4 | 4.1.8 while the other is >= ..., or while logging in at one subdomain and the browser still has "older" cookies named be_typo3_user from another subdomain of the same tld.

#5

Updated by Ralf Hettinger over 15 years ago

Uh... I shouldn't write here when it's too late. Of course "top level domain" should read "domain"...
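Comments #3 and #4 describe a cookie set for the parent domain (.local.com) taking precedence over the cookie the backend wrote for home.local.com. The script below is an added example, not TYPO3 code and not something posted in this thread: it models which stored cookies a browser sends for a given host and in which order (RFC 6265 section 5.4: longer paths first, then earlier creation time first), parses the resulting Cookie header while keeping duplicate names, and reports when a first-occurrence-wins server parser (assumed here to be how PHP populates $_COOKIE) would see the stale parent-domain value instead of the one the backend just set. The cookie jar, host names and values are constructed sample data; only the cookie name be_typo3_user comes from the thread.

```python
"""Cookie-domain shadowing diagnostic (added example; not TYPO3 code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredCookie:
    name: str
    value: str
    domain: str       # as stored by the browser, e.g. ".local.com" or "home.local.com"
    path: str = "/"
    created: int = 0  # creation order; lower means set earlier


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: host equals the cookie domain or is a subdomain of it."""
    d = cookie_domain.lstrip(".").lower()
    h = host.lower()
    return h == d or h.endswith("." + d)


def cookies_for_request(jar, host, path="/"):
    """Cookies the browser would attach to a request, in RFC 6265 5.4 order:
    longer paths first, then earlier creation time first."""
    sent = [c for c in jar
            if domain_matches(host, c.domain) and path.startswith(c.path)]
    sent.sort(key=lambda c: (-len(c.path), c.created))
    return sent


def cookie_header(jar, host, path="/"):
    """Render the Cookie request header the browser would send."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies_for_request(jar, host, path))


def parse_cookie_header(header):
    """Parse 'a=1; b=2; a=3' into name -> [values], preserving order and duplicates."""
    out = {}
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, value = part.split("=", 1)
        out.setdefault(name.strip(), []).append(value.strip())
    return out


def first_wins(header, name):
    """Value a first-occurrence-wins parser sees (assumed behaviour of PHP's $_COOKIE)."""
    values = parse_cookie_header(header).get(name, [])
    return values[0] if values else None


def diagnose_shadowing(jar, host, name, expected_value):
    """Explain why a freshly set session cookie may be ignored by the server.

    'shadowed' is True when the server would read a different value than the
    one it just issued, even though the issued value is present in the header.
    """
    header = cookie_header(jar, host)
    values = parse_cookie_header(header).get(name, [])
    seen = values[0] if values else None
    return {
        "header": header,
        "duplicates": len(values) > 1,
        "server_sees": seen,
        "shadowed": seen != expected_value and expected_value in values,
    }


# Constructed sample jar: a stale parent-domain cookie set earlier by another
# installation, and the fresh cookie the backend at home.local.com just wrote.
SAMPLE_JAR = [
    StoredCookie("be_typo3_user", "stale-session-id", ".local.com", created=1),
    StoredCookie("be_typo3_user", "fresh-session-id", "home.local.com", created=2),
]


if __name__ == "__main__":
    report = diagnose_shadowing(SAMPLE_JAR, "home.local.com",
                                "be_typo3_user", "fresh-session-id")
    for k, v in report.items():
        print(f"{k}: {v}")
```

Running the script shows the header carrying both cookies with the parent-domain one first, so a first-wins parser validates the stale ID and the login loop described in the report follows. The same check can be pointed at a real Cookie header copied from a request log to confirm whether a duplicate-name collision is the cause before changing cookie-domain settings.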

#6

Updated by Thomas Schröder over 15 years ago

Login to one installation works fine, but loading a page from another TYPO3 installation raises the Login-error. See bug ID 0010266.
Reproducible with 4.2.6dev and 4.2.5.

#7

Updated by Helmut Hummel over 15 years ago

Steffen, please check, if you're also affected by bug #19879.

@Thomas: #19879 is indeed still a problem.

#8

Updated by Andreas Becker (Andi) about 15 years ago

Fresh install of version 4.3.0alpha2 has the same problem. You get logged out immediately after you have logged in.
But often before this happens we also get errors like:
the backend loads in the right column and then turns grey shaded and the login error appears in the main column.
Or:
Fatal error: Cannot run code from this file in conjunction with non encoded files in /domainpath ... /typo3conf/ext/templavoila_pagemod/mod1/conf.php on line 392

#9

Updated by Helmut Hummel about 15 years ago

Hi Andreas, could you please recheck whether this error happens on a clean TYPO3 installation, meaning without any third party extension (like templavoila_pagemod or even templavoila) installed.

Regarding the fatal error: this cannot be a TYPO3 core issue, since this seems to be a problem regarding Zend Guard encoded files.

#10

Updated by Oliver Hader over 14 years ago

No further feedback provided - closing this issue.

#11

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed