Bug #20038
closed
AJAX relogin does not work
Description
On my local XAMPP installation on Windows the AJAX relogin does not work. The login fails and devLog says that the Session challenge does not match the submitted challenge by the AJAX relogin.
Attached patch solved the issue for me.
(issue imported from #M10467)
Updated by Dan Osipov over 15 years ago
Same here, WAMP installation, TYPO3 trunk.
Updated by Susanne Moog over 15 years ago
Here too, on Ubuntu manual installation.
Updated by Erik Svendsen over 15 years ago
Have this too, latest trunk. TYPO3 installed on Fedora 8. Tested with different browsers and also with real domains and use of IP addresses.
Devlog gives the following messages:
PHP Session stored challenge "something" and submitted challenge "different" did not match, so authentication failed!
Password not accepted: xxxxxxxxxxxxx
I have briefly tested Niels' patch, which didn't help in my case.
But I found that phpMyAdmin which was installed on this installation is serving values to the cookie. My experience last week tells me that changes to the cookie are a very possible cause for login problems.
Uninstalling phpMyAdmin solved the problem in this case.
I haven't had any look at the code for the AJAX relogin box, but I suppose it uses the information in the cookie to make the challenge. Maybe the problem is located there.
Updated by Andreas Beutel over 15 years ago
For phpMyAdmin: Currently only TYPO3 4.2 is supported (therefore there are constraints set for TYPO3 to allow 4.2.99 as max version number). Anyway - we'll dig into this.
Updated by Vladimir Podkovanov over 15 years ago
Same here. FreeBSD + latest trunk. Removing phpmyadmin does not help. Patch resolved the bug. But installing phpmyadmin again breaks login. So to resolve the bug you need to uninstall phpmyadmin + apply the patch.
Updated by Thomas Schröder over 15 years ago
The patch doesn't resolve the problem in my installation: SLES 10 SP2, 4.3 dev rev. 5351, FF 3.0.9, phpmyadmin disabled.
Updated by Christoph Koehler over 15 years ago
I don't have that problem to begin with. Do you have complicated passwords?
We don't touch cookies for the relogin. Just generate a challenge, save it in the session and the relogin form, and compare those later during relogin, just like the normal BE login does it.
If you could help figure it out with some more details, that'd be great!
Updated by Steffen Kamper over 15 years ago
I tried again with a fresh trunk site, no extensions installed. All work fine!
So I consider that it doesn't work if extensions start writing a cookie. phpmyadmin is a good example (which writes 3 cookies per page request, not fixed yet).
Updated by Thomas Schröder over 15 years ago
You are right. On a fresh trunk site it works for me, too. phpmyadmin (latest TER version) breaks the feature.
Only to mention: setting the sessionTimeout to a low value, e.g. 60 seconds for testing, the AJAX-relogin appears every 3 seconds after the first relogin. 240 seconds and up works fine.
Updated by Steffen Kamper over 15 years ago
60 is too small and even unrealistic. There is also the warning time before the login appears. Small values are only for testing this feature ;)
Updated by Steffen Kamper about 15 years ago
I refactored the relogin completely (rewrite in ExtJS only) and it works again.
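
Added example (not TYPO3 code and not part of the original thread): a minimal Python model of the flow described above, where a challenge is generated, saved in the session and the relogin form, and compared on submit. The class and function names are hypothetical, and the two mismatch scenarios (challenge re-issued by a later request, session cookie replaced) are assumptions chosen to reproduce the devLog message, not a confirmed root cause of this bug.

```python
import hmac
import secrets

class ChallengeStore:
    """Hypothetical server-side store: session id -> pending relogin challenge."""
    def __init__(self):
        self._sessions = {}
    def new_session(self):
        sid = secrets.token_hex(16)
        self._sessions[sid] = {}
        return sid
    def issue_challenge(self, sid):
        # Saved in the session; the same value is embedded in the relogin form.
        self._sessions[sid]["challenge"] = secrets.token_hex(16)
        return self._sessions[sid]["challenge"]
    def verify(self, sid, submitted):
        # pop() makes the challenge single-use, so a replayed form is rejected.
        stored = self._sessions.get(sid, {}).pop("challenge", None)
        if stored is None:
            return False, "no challenge stored in session"
        if not hmac.compare_digest(stored.encode(), submitted.encode()):
            return False, "stored and submitted challenge did not match"
        return True, "ok"

def run_scenarios():
    store = ChallengeStore()
    jar = {"session": store.new_session()}  # constructed browser cookie jar
    out = {}
    # 1. Form rendered and submitted within the same session.
    form = store.issue_challenge(jar["session"])
    out["normal"] = store.verify(jar["session"], form)
    # 2. Assumption: another request re-issues the challenge after the form was rendered.
    form = store.issue_challenge(jar["session"])
    store.issue_challenge(jar["session"])
    out["reissued"] = store.verify(jar["session"], form)
    # 3. Assumption: the session cookie is replaced before the form is submitted.
    form = store.issue_challenge(jar["session"])
    jar["session"] = store.new_session()
    store.issue_challenge(jar["session"])
    out["cookie_replaced"] = store.verify(jar["session"], form)
    # 4. A form that already succeeded is submitted a second time.
    form = store.issue_challenge(jar["session"])
    store.verify(jar["session"], form)
    out["replay"] = store.verify(jar["session"], form)
    return out

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Logging which of the two failure reasons occurred, together with the session id seen on issue and on submit, is what distinguishes a replaced cookie from an overwritten challenge when debugging a report like this one.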