Bug #24873

closed

Open forms cannot be saved after "Relogin" (Security Token errors)

Added by Ernesto Baschny about 13 years ago. Updated about 13 years ago.

Status: Closed
Priority: Should have
Category: -
Target version:
Start date: 2011-01-28
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If you have an open form (e.g. editing a content element) and you leave your browser unattended until "session expires", you can relogin with the popup window (or the JS overlay).

After this relogin, if you try to save your work, you will get security token errors.

The CSRF protection token is in a hidden field, and if the session has expired in the meantime, the session data (including the original tokens) is gone, so when that form is saved after the relogin, they can't be validated. Different potential solutions:

a) Go through the DOM and manipulate all hidden fields with a token and change them to a new valid token. Doable, but will require some work.
b) Allow "one save without token check" right after the relogin, so that this form can be finally saved, and after that things continue as usual.

(issue imported from #M17383)
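
The failure described above and option (a), as a simplified model added here for illustration; it is not TYPO3 code. The in-memory session store, the function names and the form object standing in for hidden DOM fields are all assumptions.

```javascript
// Constructed model of session-bound CSRF tokens (not TYPO3's implementation).
const { randomBytes, timingSafeEqual } = require('node:crypto');

const sessions = new Map(); // sessionId -> { user, tokens: Map(formName -> token) }

function login(user) {
  const id = randomBytes(16).toString('hex');
  sessions.set(id, { user, tokens: new Map() });
  return id;
}

// Server side: issue a token for one form and remember it in the session data.
function issueToken(sessionId, formName) {
  const session = sessions.get(sessionId);
  if (!session) throw new Error('no such session');
  const token = randomBytes(20).toString('hex');
  session.tokens.set(formName, token);
  return token;
}

// Server side: accept a save only if the submitted token matches the session's copy.
function validate(sessionId, formName, submitted) {
  const expected = sessions.get(sessionId)?.tokens.get(formName);
  if (!expected || typeof submitted !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(submitted);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Client side, option (a): after relogin, give every open form a fresh token.
function refreshTokens(sessionId, openForms) {
  for (const form of openForms) {
    form.fields.token = issueToken(sessionId, form.name);
  }
}

function scenario() {
  let sid = login('editor');
  const form = { name: 'editContent', fields: { bodytext: 'draft', token: null } };
  form.fields.token = issueToken(sid, form.name);
  const beforeExpiry = validate(sid, form.name, form.fields.token);

  sessions.delete(sid);  // session expires while the form stays open
  sid = login('editor'); // relogin: new session, the old tokens are gone
  const afterRelogin = validate(sid, form.name, form.fields.token);

  refreshTokens(sid, [form]); // option (a)
  const afterRefresh = validate(sid, form.name, form.fields.token);
  return { beforeExpiry, afterRelogin, afterRefresh };
}
```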


Files

17383.diff (5.32 KB) Administrator Admin, 2011-01-30 16:09
17383_v2.diff (11.9 KB) Administrator Admin, 2011-02-20 14:42

Related issues 3 (0 open, 3 closed)

Related to TYPO3 Core - Bug #24755: Re: issue #24715 - problem still exists in 4.5.0rc1 (Closed, 2011-01-23)
Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRF (Closed, Ernesto Baschny, 2011-01-20)
Has duplicate TYPO3 Core - Bug #24870: Regression: The ExtDirect token needs to be regenerated after relogin by popup window (Closed, Ernesto Baschny, 2011-01-28)

Actions #1

Updated by Ernesto Baschny about 13 years ago

Hi Helmut, you wanted to take a look at it. :) Thanks!

Actions #2

Updated by Peter Niederlag about 13 years ago

I am 99% sure the issue (#24755) shows up as well without any open form/data:
login.... wait ... expire ... relogin -> error messages

Actions #3

Updated by Ernesto Baschny about 13 years ago

Yes, Peter, but these are most probably the ExtDirect errors, see #24870.

If there is yet another category of errors, please open another issue for this ;)

Thanks!

Actions #4

Updated by Steffen Kamper about 13 years ago

Committed to svn
4_5 rev 10519
trunk rev 10520
