Bug #78739
closed
Internal user data is not updated when session id is regenerated
100%
Description
AbstractUserAuthentication stores a copy of the session id (don't ask me why).
When regenerating the session id we need to update this storage as well.
This error was the reason for getting the invalid token message, after a re-login, when IP address changed.
After successful login the id is regenerated. Then the FormProtection framework save the form token to the session
with setAndSaveSessioData, which failed because this method tried to update the session data from the old id.
Updated by Helmut Hummel over 7 years ago
- Description updated (diff)
- Priority changed from Should have to Must have
Updated by Gerrit Code Review over 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50701
Updated by Gerrit Code Review over 7 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50702
Updated by Gerrit Code Review over 7 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50703
Updated by Anonymous over 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 20a82fc0d633e92c620bebefa91aa44777ab0009.
Updated by