Bug #30436

Access denied exception after session timeout with CSRF

Added by Christopher Hlubek about 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Must have
Assignee:
Christopher Hlubek
Category:
-
Target version:
-
Start date:
2011-09-29
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
Complexity:

Description

An access of a CSRF protected action with an invalidated session throws an Exception (e.g. \TYPO3\FLOW3\Security\Exception\AccessDeniedException). This exception cannot be catched in any way. Also a reauthentication using an entry point is not possible right now.

#1

Updated by Christopher Hlubek about 10 years ago

  • Tracker changed from Feature to Bug
#2

Updated by Mr. Hudson about 10 years ago

  • Status changed from New to Under Review

Patch set 1 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#3

Updated by Mr. Hudson about 10 years ago

Patch set 2 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#4

Updated by Mr. Hudson about 10 years ago

Patch set 3 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#5

Updated by Mr. Hudson about 10 years ago

Patch set 4 of change If2c9c6386a2ee26195073a359dcf87db515d1dc0 has been pushed to the review server.
It is available at http://review.typo3.org/5444

#6

Updated by Christopher Hlubek about 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF