Bug #24715
closed
The ExtDirect token needs to be regenerated after relogin by popup window
Added by Sascha no-lastname-given almost 14 years ago.
Updated almost 14 years ago.
Description
When be session expires and i re-enter password i had to reload whole backend. If not, i get different csrf warnings in different modules.
It's maybe an extra but the be users needs to know that he has to reload. Some users could be irritated.
(issue imported from #M17203)
Files
Hi Sascha,
does this also happen, if you avtivate the following in your localconf.php?
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1'
I cannot reproduce with the current trunk. I guess the had nothing to do with the login refresh, but with some bugs in the CSRF protection in extdirect which has been fixed now.
@Sascha: Can you please check the current trunk version? Thanks.
OK, I could reproduce it now
Hello Helmut,
same problem here with: $TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = '1'
First time i had to allow the popup. I tested it again and got the same errors within page Module.
Check attached screenshot.
How to reproduce:
Iam on page Module and wait till session expires.I get the popup and reenter by password. Back in page module everything looks fine. I click on module "reports" and then on module "pages." Back on pages i click my testpage. Then i get the errors.
- trunk revision 10256
Hi Sascha,
can you please check, if the attached patch solves the issue for you?
Thanks.
Hey,
rev. 10266 with your patch seems to work perfect!
I tested both, ajax-login and popup. I can't reproduce it.
Thanks,
Sascha
Committed to trunk rev 10269
Also available in: Atom
PDF