Bug #25359
closed
Essential form protection tokens are dropped when being logged in for a "long" time
100%
Description
Problem:
The backend form protection uses the session data field to store created tokens. Since this database field has a certain size, the framework starts dropping tokens when it holds a certain amount of tokens.
When doing so, it is very likely that tokens which are seldom replaced (like the ExtDirect token or the clear cache tokens) will be dropped, resulting in token validation error messages.
Solution:
I suggest to abandon the extra security feature of having unique tokens, because it turned out to add a complexity which is almost impossible to handle.
(issue imported from #M17991)
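The failure mode described above, as an added PHP sketch that is not TYPO3's code or the patch from this issue: a size-capped per-form token store evicts a long-lived token, while a token derived by HMAC from one per-session secret (one common way to do without unique stored tokens, assumed here) still validates. Class names, form ids and the cap of 3 are hypothetical.

```php
<?php
// Added illustration, not TYPO3 code. All names and the cap are hypothetical.
const MAX_STORED_TOKENS = 3; // stand-in for the size limit of the session data field

// Design from the report: one random token per form, all kept in session data.
final class StoredTokenProtection
{
    /** @var array<string,string> form id => token, oldest entry first */
    private array $tokens = [];

    public function generate(string $formId): string
    {
        unset($this->tokens[$formId]); // re-issuing moves the entry to the end
        $this->tokens[$formId] = bin2hex(random_bytes(16));
        while (count($this->tokens) > MAX_STORED_TOKENS) {
            unset($this->tokens[array_key_first($this->tokens)]); // drop oldest to fit
        }
        return $this->tokens[$formId];
    }

    public function validate(string $formId, string $token): bool
    {
        return isset($this->tokens[$formId]) && hash_equals($this->tokens[$formId], $token);
    }
}

// Alternative: the session stores one secret; each form token is recomputed on demand.
final class DerivedTokenProtection
{
    private string $sessionSecret;

    public function __construct()
    {
        $this->sessionSecret = random_bytes(32); // constant size, whatever the form count
    }

    public function generate(string $formId): string
    {
        return hash_hmac('sha256', $formId, $this->sessionSecret);
    }

    public function validate(string $formId, string $token): bool
    {
        return hash_equals($this->generate($formId), $token); // constant-time compare
    }
}

// Constructed scenario: a long-lived token is issued once, then other forms are opened.
$stored = new StoredTokenProtection();
$derived = new DerivedTokenProtection();
$longLived = ['stored' => $stored->generate('extDirect'), 'derived' => $derived->generate('extDirect')];
foreach (['editPage', 'editContent', 'editUser'] as $form) { $stored->generate($form); }
var_dump($stored->validate('extDirect', $longLived['stored']));   // token was evicted
var_dump($derived->validate('extDirect', $longLived['derived'])); // nothing to evict
```

The derived token is the same for every rendering of a form within one session, which is the trade-off the report proposes accepting.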
Updated by Helmut Hummel over 13 years ago
- Assignee set to Helmut Hummel
- Target version deleted (0)
Updated by Mr. Hudson over 13 years ago
Patch set 1 of change I784a1a6eef947a9030ffa8233c2a866818fd99c5 has been pushed to the review server.
It is available at http://review.typo3.org/1359
Updated by Mr. Hudson over 13 years ago
Patch set 2 of change I784a1a6eef947a9030ffa8233c2a866818fd99c5 has been pushed to the review server.
It is available at http://review.typo3.org/1359
Updated by Mr. Hudson over 13 years ago
Patch set 1 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Updated by Mr. Hudson over 13 years ago
Patch set 1 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Helmut Hummel over 13 years ago
- Target version set to 4.5.3
- % Done changed from 0 to 100
Please ignore review request 1359, it was wrong and I abandoned it.
Updated by Mr. Hudson over 13 years ago
Patch set 2 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 2 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Updated by Mr. Hudson over 13 years ago
Patch set 3 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 4 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 3 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Updated by Mr. Hudson over 13 years ago
Patch set 4 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Updated by Mr. Hudson over 13 years ago
Patch set 5 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 6 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 7 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Updated by Mr. Hudson over 13 years ago
Patch set 5 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Updated by Anonymous over 13 years ago
- Status changed from New to Resolved
Applied in changeset 668e715c502ab043bd943453716385b8b939cd98.
Updated by Oliver Hader over 13 years ago
- Status changed from Resolved to Closed