Bug #33094

security token when relogin after session expired

Added by DevEthic over 1 year ago. Updated 8 months ago.

Status: New
Start date: 2012-01-10
Priority: Must have
Due date:
Assignee: -
% Done: 0%
Category: Pagetree
Target version: 4.5.12
TYPO3 Version: 4.5
Complexity:
PHP Version: 5.2
Votes: 2

Description

When I log in again from the ExtJS window after my session has expired, I get an ExtDirect security token alert:

- on page icon click: context menu is not displayed
- on page title click: form does not appear

TYPO3 version 4.5.10

Happens with Chrome, not tested with other browsers.

typo3_BUG_extdirect_security_token_pagetree_1.jpg (76.6 kB) DevEthic , 2012-01-10 16:55

History

Updated by Ernesto Baschny over 1 year ago

  • Target version changed from 4.5.11 to 4.5.12

Updated by Bart Dubelaar 8 months ago

See #24870, might be caused by the configuration of $TYPO3_CONF_VARS['BE']['loginSecurityLevel']

Updated by Bart Dubelaar 8 months ago

Found an interesting workaround. Enter a wrong password first and then enter a correct password.
For me this works. The problem lies in the function hasLoginBeenProcessed() of class.ajaxlogin.php.
In this class the following compare is done:

((string)$_COOKIE['be_typo_user'] !== (string)$GLOBALS['BE_USER']->id)

For me these are equal when I enter the correct password directly, but they are different after entering a wrong one first.

Updated by Bart Dubelaar 8 months ago

It seems that all goes well only by accident with the default loginSecurityLevel. This is because the getChallenge request of the ExtJS login box effectively logs out the user before doing the real authentication. This explains why the "wrong password first" workaround works, as this also logs out the user first.

Updated by Fronzes Philippe 8 months ago

Hi,

I get this error too, with version 4.5.19, and with default 'loginSecurityLevel'.
