Bug #33094

security token when relogin after session expired

Added by DevEthic over 8 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Pagetree
Target version:
-
Start date:
2012-01-10
Due date:
% Done:

0%

TYPO3 Version:
4.5
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

when i re login me, from the extjs window, after my session has expired, i've ExtDirect security token alert :

- on page icon click : context menu not displayed
- on page title click : form not appears

typo3 version 4.5.10

arrives with chrome, not tested with another browsers

typo3_BUG_extdirect_security_token_pagetree_1.jpg View (76.6 KB) DevEthic , 2012-01-10 16:55

History

#1 Updated by Ernesto Baschny over 8 years ago

  • Target version changed from 4.5.11 to 4.5.12

#2 Updated by Bart Dubelaar over 7 years ago

See #24870, might be caused by the configuration of $TYPO3_CONF_VARS['BE']['loginSecurityLevel']

#3 Updated by Bart Dubelaar over 7 years ago

Found an interesting workaround. Enter a wrong password first and then enter a correct password.
For me this works. The problem lies in the function hasLoginBeenProcessed() of class.ajaxlogin.php.
In this class the following compare is done:

((string)$_COOKIE['be_typo_user'] !== (string)$GLOBALS['BE_USER']->id)

For me these are equal when I enter the correct password directly, but they are different after entering a wrong one first.

#4 Updated by Bart Dubelaar over 7 years ago

It seems like that all goes well only by accident with the default loginSecurityLevel. This is because the getChallenge request of the extjs loginbox effectively logs out the user before doing the real authentication. This explain why the "wrong password first" workaround works, as this also logs out the user first.

#5 Updated by Fronzes Philippe over 7 years ago

Hi,

I get this error too, with version 4.5.19, and with default 'loginSecurityLevel'.

#6 Updated by Mathias Schreiber over 5 years ago

  • Target version changed from 4.5.12 to 7.4 (Backend)
  • Is Regression set to No

#7 Updated by Susanne Moog almost 5 years ago

  • Target version changed from 7.4 (Backend) to 7.5

#8 Updated by Benni Mack over 4 years ago

  • Target version changed from 7.5 to 8 LTS

#9 Updated by Benni Mack about 3 years ago

  • Target version changed from 8 LTS to next-patchlevel

#10 Updated by Riccardo De Contardi about 2 years ago

  • Status changed from New to Closed
  • Target version deleted (next-patchlevel)

Extjs has been dropped, so I think it should be safe to close this one for now.

If you think that this is the wrong decision or experience the issue again, please reopen it or open a new issue with a reference to this one.

Thank you and best regards

Also available in: Atom PDF