Bug #22141

First login attempt to the backend fails every time

Added by Christian Eßl over 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-02-19
Due date:
% Done:

0%

TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I updated from 4.2 to 4.3.

The first attempt to log into the backend fails every time. - The second works well.

This problem is browser- und user-undependent.

I tried clearing the be_session-table and site-cookies, but it has no effect.
(issue imported from #M13582)


Related issues

Related to TYPO3 Core - Bug #22523: Refresh BE Login failed first time Closed 2010-04-27
Related to TYPO3 Core - Bug #22509: Login in to the BE fails Closed 2010-04-25

History

#1 Updated by Steffen Ritter over 10 years ago

Hey,
i cannot reproduce this issue.
I updated several instances from 4.2 to 4.3 and did not encounter this behaviour.

Do you have any extensions installed with authservices or an own login skin or sth. like this?

#2 Updated by Marcus Krause over 10 years ago

I'm able to reproduce this. However, it hasn't annoyed me too much. ;-)

It might be because I'm generally blocking cookies, only allow specific domains to set cookies and accept them for the browser session only.

Might be that I'll soon capture the according http requests/responses to find the cause of this behaviour.

#3 Updated by Marcus Krause over 10 years ago

@ the reporter:
Do you use rsaauth? (I do)

#4 Updated by Benni Mack over 10 years ago

I can sometimes reproduce this issue but it happens sporadically (without RSA, salted passwords etc). Can you provide some details when this problem occurs?

#5 Updated by Andy Hausmann over 10 years ago

I can reproduce this bug as well.

It appears every first login attempt at the backend login page. I've never tested this for the frontend login.

I don't think this bug depends on an extension, becaus it apeared recently on a blank TYPO3 4.3.3-Installation just 5 days ago. Nothing has been configured so far.

Currently i am using Firefox 3.5.7 on Mac, but it also happens at Firefox 3.6, IE6-IE8 (IETester) (WinXP) and Safari for Mac.

Today i've found a posting at TYPO3-Jack.net: https://www.typo3-jack.net/typo3-english-lists-netfielders-de/24746-typo3-english-backend-first-login-attempt-fails-every-time-phpsessid-related.html

Christian Essl figured out, that TYPO3 creates the Cookie be_typo_user = 'value' at the first login attempt. Untill you try to login at the second time, TYPO3 creates the Session PHPSESSID = 'value'.

Maybe it could be important to know: TYPO3 4.4 alpha 1 does not have this problem/bug.

#6 Updated by Felix Nagel over 10 years ago

I can reproduce this bug, too.

System:
TYPO3 4.3.3
Apache 2.2.9 (Fedora)
Register Globals disabled
PHP 5.2.6

Using:
rsaauth 1.0.0
saltedpasswords 1.0.0
felogin 1.3.0

Tested with:
FF 3.6.3 & 3.6.4Beta
IE 8
Opera 10.x
-> OS: Win XP Pro SP3

Appearance:
BE login fails every time, but FE login works pretty well. Both with rsa and salted passes.

Hope that helps. As this is a pretty annoying bug, I'm available as beta-tester :-)

#7 Updated by Oliver Klee over 10 years ago

In my case, this seems to be related to cookies. I can reproduce the problem with these steps:

1. load the BE login page
2. clear the domain cookies
3. try to login
-> login failed

I can not reproduce the problem with these steps:

1. load the BE login page
2. clear the domain cookies
3. load the BE login page again (so that the cookies get set)
4. try to login
-> login succeeds

#8 Updated by Johannes K over 10 years ago

We had the BE-Login problem with after an update to TYPO3 4.2 too, and it dissappeared when we uninstalled the phpmyadmin extension
Maybe related to:
http://bugs.typo3.org/view.php?id=10507
http://bugs.typo3.org/view.php?id=10467

#9 Updated by Felix Nagel over 10 years ago

Bingo!
BE login works great and as expected if EXT phpMyAdmin is deinstalled.

Do we need a new bug report within phpMyAdmin?

#10 Updated by Chris topher over 10 years ago

Yes, please!

#11 Updated by Guido Unger over 10 years ago

it is not (or not only) phpmyadmin

t3-4.3.x and I cannot remember when, but it started on a customer website someday.
I uninstalled phpmyadmin but the prob persists.

I can confirm Oliver Klees post (0038927) same here, once the cookie is set, it workz.

problem still persits after upgrade to t3-4.4

on a clean t3-4.4 local on mac osx it workz perfectly.

#12 Updated by Nando Bosshart about 10 years ago

We could reproduce the problem as well - and found a way to solve the problem:

It seems that the problem depends on the order in which the extension "phpmyadmin" is listed in $TYPO3_CONF_VARS['EXT']['extList'].

If "phpmyadmin" comes AFTER the entry "formhandler" the login fails on the first attempt. If the order is changed (.."phpmyadmin,formhandler,"..) then the login works as excpected on the first try.

Formhandler Version tested: 0.9.6 / 0.9.7
phpmyadmin versions tested: 4.8.0 / 4.9.0
Typo3 Versions tested: 4.4.x

#13 Updated by Hannes Gesmann about 10 years ago

@Nando: Looks pretty good:
I simply changed the order (in localconf.php) and the first login works again!
Versions tested:
[TYPO3, formhandler, phpmyadmin]
4.4.2, 0.9.7 ,4.9.0
4.3.3, 0.9.7, 4.8.0

I wasn't able to reproduce this with formhandler version 0.9.8:
4.4.2, 0.9.8 ,4.9.0
So to me it looks like a formhandler bug...

Playing around leeds to the following:
After copying lines 49-63 in ext_tables.php to formhandler 0.9.8 the bug occurs again. These lines are:

if(!is_object($GLOBALS['BE_USER']) || !$GLOBALS['BE_USER']->checkCLIuser()) {
$GLOBALS['BE_USER'] = t3lib_div::makeInstance('t3lib_beUserAuth');

// New backend user object
$GLOBALS['BE_USER']->start(); // Object is initialized
$GLOBALS['BE_USER']->checkCLIuser();
$GLOBALS['BE_USER']->backendCheckLogin();
$GLOBALS['BE_USER']->fetchGroupData();
// set proper be configuration
$GLOBALS['BE_USER']->warningEmail = $TYPO3_CONF_VARS['BE']['warning_email_addr'];
$GLOBALS['BE_USER']->lockIP = $TYPO3_CONF_VARS['BE']['lockIP'];
$GLOBALS['BE_USER']->auth_timeout_field = intval($TYPO3_CONF_VARS['BE']['sessionTimeout']);
$GLOBALS['BE_USER']->OS = TYPO3_OS;
}

I just don't now what phpmyadmin has to do with this, yet.

#14 Updated by Dmitry Dulepov about 9 years ago

  • Status changed from Needs Feedback to Closed
  • Target version deleted (0)

Seems like it is not a core issue.

Also available in: Atom PDF