Bug #19994
closed
HTTPS for BE login – lockSSL = 3 is broken
Description
If the config variable $TYPO3_CONF_VARS["BE"]["lockSSL"] is set to '3' (SSL only for login), it is impossible to reach the BE.
Error message: Login-error or session timed-out / No user logged in! Sorry, I can't proceed then! / (You must have cookies enabled!)
In case of $TYPO3_CONF_VARS["BE"]["lockSSL"] = '1' or '2', everything is fine and I can reach the full HTTPS backend without any problem, but SSL for the whole BE is very resource-consuming; I would prefer it just for login.
HTTP HEADERS OF LOGIN PROCESS
(BE address without using SSL)
http://www.domain.com/typo3/index.php
GET /typo3/index.php HTTP/1.1
HTTP/1.x 302 Moved Temporarily
Location: https://www.domain.com/typo3/index.php
(redirect to SSL login page)
https://www.domain.com/typo3/index.php
GET /typo3/index.php HTTP/1.1
HTTP/1.x 200 OK
Set-Cookie: be_typo_user=XXXXX; path=/
(page with login form)
(HTTPS page after clicking "Log In" Button)
POST /typo3/index.php HTTP/1.1
Cookie: be_typo_user=XXXXX; fe_typo_user=YYYY;
Content-Length: 202
login_status=login&username=admin&p_field=&commandLI=Log+In&userident=ZZZ&challenge=AAA&redirect_url=backend.php&loginRefresh=&interface=backend
(HTTP page with error message)
HTTP/1.x 302 Found
Set-Cookie: be_typo_user=BBBB; path=/
Location: https://www.domain.com/typo3/backend.php
(issue imported from #M10401)
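An added example, not part of the original report and not TYPO3 code: a small checker that walks a login exchange like the one quoted above and reports scheme-changing redirects, session cookies issued over HTTPS without the Secure attribute, and replacement of the session cookie value. The hop list is constructed from the headers in the report (placeholder cookie values kept); the names `TRACE`, `parse_set_cookie` and `audit` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed from the headers quoted in the report; cookie values are its placeholders.
TRACE = [
    {"url": "http://www.domain.com/typo3/index.php", "status": 302,
     "location": "https://www.domain.com/typo3/index.php", "set_cookie": None},
    {"url": "https://www.domain.com/typo3/index.php", "status": 200,
     "location": None, "set_cookie": "be_typo_user=XXXXX; path=/"},
    {"url": "https://www.domain.com/typo3/index.php", "status": 302,
     "location": "https://www.domain.com/typo3/backend.php",
     "set_cookie": "be_typo_user=BBBB; path=/"},
]

def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, lowercase attribute names)."""
    first, *attrs = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = first.partition("=")
    return name, value, {a.partition("=")[0].strip().lower() for a in attrs}

def audit(trace, cookie_name="be_typo_user"):
    """Return (hop_index, finding) tuples for one login exchange."""
    findings, current = [], None
    for i, hop in enumerate(trace):
        scheme = urlsplit(hop["url"]).scheme
        if hop["location"]:
            target = urlsplit(hop["location"]).scheme
            if target != scheme:
                findings.append((i, f"redirect {scheme}->{target}"))
        if hop["set_cookie"]:
            name, value, attrs = parse_set_cookie(hop["set_cookie"])
            if name != cookie_name:
                continue
            if scheme == "https" and "secure" not in attrs:
                findings.append((i, "cookie set over https without Secure"))
            if current is not None and value != current:
                findings.append((i, "session cookie replaced"))
            current = value
    return findings

if __name__ == "__main__":
    for hop, finding in audit(TRACE):
        print(hop, finding)
```

A cookie issued without the Secure attribute is also sent on plain-HTTP requests to the same host, so with HTTPS used only for the login step the session identifier travels unencrypted on every later HTTP request.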
Updated by Steffen Müller about 15 years ago
Sorry, I cannot reproduce this. I have multiple sites using lockSSL=3 on up-to-date 4.2 and it works.
Updated by Alexander Opitz almost 11 years ago
- Status changed from New to Closed
- Target version deleted (0)
No response in over one year => closed.