Bug #24715

The ExtDirect token needs to be regenerated after relogin by popup window

Added by Sascha no-lastname-given over 9 years ago. Updated over 9 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: -
Target version:
Start date: 2011-01-22
Due date:
% Done: 0%
TYPO3 Version: 4.5
PHP Version: 5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When the BE session expires and I re-enter my password, I have to reload the whole backend. If not, I get different CSRF warnings in different modules.

It's maybe an extra, but the BE user needs to know that he has to reload. Some users could be irritated.

(issue imported from #M17203)

screen2.png (180 KB) Administrator Admin, 2011-01-22 18:24

17203.diff (3.21 KB) Administrator Admin, 2011-01-22 20:35


Related issues

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRF Closed 2011-01-20
Related to TYPO3 Core - Bug #24755: Re: issue #24715 - problem still exists in 4.5.0rc1 Closed 2011-01-23
Related to TYPO3 Core - Bug #24870: Regression: The ExtDirect token needs to be regenerated after relogin by popup window Closed 2011-01-28

History

#1 Updated by Helmut Hummel over 9 years ago

Hi Sascha,

Does this also happen if you activate the following in your localconf.php?

$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1';

#2 Updated by Helmut Hummel over 9 years ago

I cannot reproduce with the current trunk. I guess this had nothing to do with the login refresh, but with some bugs in the CSRF protection in ExtDirect which have been fixed now.

@Sascha: Can you please check the current trunk version? Thanks.

#3 Updated by Helmut Hummel over 9 years ago

OK, I could reproduce it now

#4 Updated by Sascha no-lastname-given over 9 years ago

Hello Helmut,

Same problem here with: $TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1'

The first time I had to allow the popup. I tested it again and got the same errors within the page module.
Check the attached screenshot.

How to reproduce:
I am on the page module and wait till the session expires. I get the popup and re-enter my password. Back in the page module everything looks fine. I click on module "reports" and then on module "pages". Back on pages I click my test page. Then I get the errors.

- trunk revision 10256

#5 Updated by Helmut Hummel over 9 years ago

Hi Sascha,

Can you please check if the attached patch solves the issue for you?

Thanks.

#6 Updated by Sascha no-lastname-given over 9 years ago

Hey,

Rev. 10266 with your patch seems to work perfectly!
I tested both, AJAX login and popup. I can't reproduce it.

Thanks,
Sascha

#7 Updated by Steffen Kamper over 9 years ago

Committed to trunk rev 10269
