Bug #24715

closed

The ExtDirect token needs to be regenerated after relogin by popup window

Added by Sascha no-lastname-given over 13 years ago. Updated about 13 years ago.

Status: Closed
Priority: Must have
Assignee:
Category: -
Target version:
Start date: 2011-01-22
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When the BE session expires and I re-enter my password, I had to reload the whole backend. If not, I get different CSRF warnings in different modules.

It's maybe an extra, but the BE user needs to know that he has to reload. Some users could be irritated.

(issue imported from #M17203)


Files

screen2.png (180 KB), Administrator Admin, 2011-01-22 18:24
17203.diff (3.21 KB), Administrator Admin, 2011-01-22 20:35

Related issues 3 (0 open, 3 closed)

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRF (Closed, Ernesto Baschny, 2011-01-20)
Related to TYPO3 Core - Bug #24755: Re: issue #24715 - problem still exists in 4.5.0rc1 (Closed, 2011-01-23)
Related to TYPO3 Core - Bug #24870: Regression: The ExtDirect token needs to be regenerated after relogin by popup window (Closed, Ernesto Baschny, 2011-01-28)

Actions #1

Updated by Helmut Hummel over 13 years ago

Hi Sascha,

Does this also happen if you activate the following in your localconf.php?

$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1';

Actions #2

Updated by Helmut Hummel over 13 years ago

I cannot reproduce with the current trunk. I guess this had nothing to do with the login refresh, but with some bugs in the CSRF protection in extdirect which have been fixed now.

@Sascha: Can you please check the current trunk version? Thanks.

Actions #3

Updated by Helmut Hummel over 13 years ago

OK, I could reproduce it now.

Actions #4

Updated by Sascha no-lastname-given over 13 years ago

Hello Helmut,

Same problem here with: $TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1'

The first time I had to allow the popup. I tested it again and got the same errors within the Page module.
Check the attached screenshot.

How to reproduce:
I am on the Page module and wait till the session expires. I get the popup and re-enter my password. Back in the Page module everything looks fine. I click on module "reports" and then on module "pages". Back on pages I click my test page. Then I get the errors.

- trunk revision 10256

Actions #5

Updated by Helmut Hummel over 13 years ago

Hi Sascha,

Can you please check if the attached patch solves the issue for you?

Thanks.

Actions #6

Updated by Sascha no-lastname-given over 13 years ago

Hey,

Rev. 10266 with your patch seems to work perfectly!
I tested both, ajax-login and popup. I can't reproduce it.

Thanks,
Sascha

Actions #7

Updated by Steffen Kamper over 13 years ago

Committed to trunk rev 10269
