security token when relogin after session expired
when i re login me, from the extjs window, after my session has expired, i've ExtDirect security token alert :
- on page icon click : context menu not displayed
- on page title click : form not appears
typo3 version 4.5.10
arrives with chrome, not tested with another browsers
#3 Updated by Bart Dubelaar over 7 years ago
Found an interesting workaround. Enter a wrong password first and then enter a correct password.
For me this works. The problem lies in the function hasLoginBeenProcessed() of class.ajaxlogin.php.
In this class the following compare is done:
((string)$_COOKIE['be_typo_user'] !== (string)$GLOBALS['BE_USER']->id)
For me these are equal when I enter the correct password directly, but they are different after entering a wrong one first.
#4 Updated by Bart Dubelaar over 7 years ago
It seems like that all goes well only by accident with the default loginSecurityLevel. This is because the getChallenge request of the extjs loginbox effectively logs out the user before doing the real authentication. This explain why the "wrong password first" workaround works, as this also logs out the user first.
#10 Updated by Riccardo De Contardi about 2 years ago
- Status changed from New to Closed
- Target version deleted (
Extjs has been dropped, so I think it should be safe to close this one for now.
If you think that this is the wrong decision or experience the issue again, please reopen it or open a new issue with a reference to this one.
Thank you and best regards