Index: t3lib/config_default.php
===================================================================
--- t3lib/config_default.php (Revision 6441)
+++ t3lib/config_default.php (Arbeitskopie)
@@ -275,6 +275,7 @@
 'BackendLogin::logout' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
 'BackendLogin::refreshLogin' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
 'BackendLogin::isTimedOut' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
+ 'BackendLogin::getChallenge' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->getChallenge',
 'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
 'WorkspaceMenu::setWorkspace' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
 ),
Index: typo3/js/loginrefresh.js
===================================================================
--- typo3/js/loginrefresh.js (Revision 6441)
+++ typo3/js/loginrefresh.js (Arbeitskopie)
@@ -118,18 +118,18 @@
 inputType: "hidden",
 name: "challenge",
 id: "challenge",
- value: TYPO3.configuration.challenge
+ value: ''
 }
 ],
 keys:({
 key: Ext.EventObject.ENTER,
- fn: this.submitForm,
+ fn: this.triggerSubmitForm,
 scope: this
 }),
 buttons: [{
 text: TYPO3.LLL.core.refresh_login_button,
 formBind: true,
- handler: this.submitForm
+ handler: this.triggerSubmitForm
 }, {
 text: TYPO3.LLL.core.refresh_logout_button,
 formBind: true,
@@ -257,7 +257,7 @@
 Ext.TaskMgr.stop(this.loadingTask);
 },
- submitForm: function() {
+ submitForm: function(challenge) {
 var form = Ext.getCmp("loginform").getForm();
 var fields = form.getValues();
 if (fields.p_field === "") {
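Review bot: The new `challenge` parameter of submitForm is undocumented, and on the non-challenged path it is left undefined (triggerSubmitForm calls `this.submitForm()` with no argument in the @@ -300 hunk), which is harmless only because the parameter is read inside the securityLevel guard. A comment on the signature would make that contract explicit: `// challenge: nonce fetched via BackendLogin::getChallenge; undefined when securityLevel is not (super)challenged`. The body of submitForm continues past the end of this hunk.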
@@ -267,7 +267,8 @@
 fields.p_field = MD5(fields.p_field);
 }
 if (TS.securityLevel == "superchallenged" || TS.securityLevel == "challenged") {
- fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + fields.challenge);
+ fields.challenge = challenge;
+ fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + challenge);
 } else {
 fields.userident = fields.p_field;
 }
@@ -300,8 +301,30 @@
 }
 });
 }
+ },
+
+ triggerSubmitForm: function() {
+ if (TS.securityLevel == 'superchallenged' || TS.securityLevel == 'challenged') {
+ Ext.Ajax.request({
+ url: 'ajax.php',
+ params: {
+ 'ajaxID': 'BackendLogin::getChallenge',
+ 'skipSessionUpdate': 1
+ },
+ method: 'GET',
+ success: function(response) {
+ var result = Ext.util.JSON.decode(response.responseText);
+ if (result.challenge) {
+ Ext.getCmp('challenge').value = result.challenge;
+ TYPO3.loginRefresh.submitForm(result.challenge);
+ }
+ },
+ scope: this
+ });
+ } else {
+ this.submitForm();
+ }
 }
- });
Index: typo3/classes/class.ajaxlogin.php
===================================================================
--- typo3/classes/class.ajaxlogin.php (Revision 6441)
+++ typo3/classes/class.ajaxlogin.php (Arbeitskopie)
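Review bot: In triggerSubmitForm the Ext.Ajax.request has no `failure` callback and the `success` branch does nothing when `result.challenge` is empty, so a failed or malformed getChallenge response leaves the login button silently dead; add a `failure` handler and an else branch for the missing-challenge case that surface the error the same way the existing login error path does (that path is outside this hunk, so I cannot quote it). Two smaller points in the success callback: `scope: this` is already passed, so `TYPO3.loginRefresh.submitForm(result.challenge)` should read `this.submitForm(result.challenge)` to match the else branch, and `Ext.getCmp('challenge').value = result.challenge` sets a plain property on the component rather than the field value — if `challenge` is the Ext field declared in the @@ -118 hunk, `Ext.getCmp('challenge').setValue(result.challenge)` is what updates the input (harmless today only because submitForm receives the challenge as an argument). The `==` comparison against `TS.securityLevel` here and in the @@ -267 hunk would be better as `===`, consistent with the strict comparison already used for `fields.p_field`.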
@@ -114,6 +114,24 @@
 $ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
 }
 }
+
+ /**
+ * Gets a MD5 challenge.
+ *
+ * @param array $parameters: Parameters (not used)
+ * @param TYPO3AJAX $parent: The calling parent AJAX object
+ * @return void
+ */
+ public function getChallenge(array $parameters, TYPO3AJAX $parent) {
+ session_start();
+
+ $_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
+
+ session_commit();
+
+ $parent->addContent('challenge', $_SESSION['login_challenge']);
+ $parent->setContentFormat('json');
+ }
 }
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']) {
Index: typo3/backend.php
===================================================================
--- typo3/backend.php (Revision 6441)
+++ typo3/backend.php (Arbeitskopie)
@@ -342,11 +342,6 @@
 $menuFrameName = 'topmenuFrame';
 }
- // create challenge for the (re)login form and save it in the session.
- $challenge = md5(uniqid('').getmypid());
- session_start();
- $_SESSION['login_challenge'] = $challenge;
-
 // determine security level from conf vars and default to super challenged
 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
 $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
@@ -368,7 +363,6 @@
 'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
 'uniqueID' => t3lib_div::shortMD5(uniqid('')),
 'securityLevel' => $this->loginSecurityLevel,
- 'challenge' => $challenge,
 'TYPO3_mainDir' => TYPO3_mainDir,
 'pageModule' => $pageModule,
 'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0 ,
Index: typo3/ajax.php
===================================================================
--- typo3/ajax.php (Revision 6441)
+++ typo3/ajax.php (Arbeitskopie)
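Review bot: The challenge written in getChallenge, `md5(uniqid('') . getmypid())`, is derived from the clock and the process id rather than from a CSPRNG, so it is not unpredictable in the way a replay nonce for the (super)challenged login should be; the construction is carried over from the removed backend.php code, but since the commit moves it into a handler reachable without a logged-in user (see the ajax.php hunk) this is the moment to generate it from a cryptographically secure source (e.g. `openssl_random_pseudo_bytes()` where available, hex-encoded) and to say so in the docblock. `session_start()` is also called unconditionally; when a session is already active for the request PHP emits a notice and the call is a no-op, so guard it with `if (session_id() === '') { session_start(); }` unless the project's session handling guarantees no session has been started yet (not visible in this hunk). The docblock describes `$parameters` as unused, which is accurate, but "a MD5 challenge" should read "an MD5 challenge", and the `@return void` line would be more useful as a sentence noting that the previous session challenge is overwritten on every call.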
@@ -43,7 +43,8 @@
 'BackendLogin::login',
 'BackendLogin::logout',
 'BackendLogin::refreshLogin',
- 'BackendLogin::isTimedOut'
+ 'BackendLogin::isTimedOut',
+ 'BackendLogin::getChallenge',
 );
 // if we're trying to do an ajax login, don't require a user.
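Review bot: Adding `'BackendLogin::getChallenge'` to this array makes the handler dispatchable without an authenticated BE user (the comment below the array suggests this is the no-user list, though its declaration starts outside the hunk), and nothing records why the entry is exempt, so a later cleanup could remove it and break the timed-out re-login flow. A one-line comment above the new entry would preserve the reasoning: `// getChallenge serves the re-login form after session timeout, so it cannot require BE_USER`. It is also worth stating in that comment that the handler's only state effect is overwriting the session challenge, since that is what justifies exposing it unauthenticated.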