Bug #25359
closed
Essential form protection tokens are dropped when beeing logged in for a "long" time
Added by Helmut Hummel over 13 years ago.
Updated over 13 years ago.
Description
Problem:
The backend form protection uses the session data field to store created tokens. Since this database field has a certain size, the framework starts dropping tokens, when it holds a certain amount of tokens.
When doing so, it is very likely that tokens which are seldom replaced (like the ExtDirect token or the clear cache tokens) will be dropped, resulting in token validation error messages
Solution:
I suggest to abandon the extra security feature of having unique tokens, because it turned out to add a complexity which is almost impossible to handle
(issue imported from #M17991)
- Assignee set to Helmut Hummel
- Target version deleted (
0)
Patch set 1 of change I784a1a6eef947a9030ffa8233c2a866818fd99c5 has been pushed to the review server.
It is available at http://review.typo3.org/1359
Patch set 2 of change I784a1a6eef947a9030ffa8233c2a866818fd99c5 has been pushed to the review server.
It is available at http://review.typo3.org/1359
Patch set 1 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Patch set 1 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
- Target version set to 4.5.3
- % Done changed from 0 to 100
Please ignore review request 1359, it was wrong and I abandoned it.
Patch set 2 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 2 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Patch set 3 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 4 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 3 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Patch set 4 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
Patch set 5 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 6 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 7 of change If37990fbc1ae3701777e8218cc1bc8760a4d6a55 has been pushed to the review server.
It is available at http://review.typo3.org/1364
Patch set 5 of change I078a6fa7f579026a33568fd0af114e5776c994da has been pushed to the review server.
It is available at http://review.typo3.org/1361
- Status changed from New to Resolved
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Anonymous 
Updated by