Bug #33094

closed

security token when relogin after session expired

Added by DevEthic over 12 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: Pagetree
Target version: -
Start date: 2012-01-10
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.2
Tags:
Complexity:
Is Regression: No
Sprint Focus:

Description

When I log in again from the ExtJS window after my session has expired, I get an ExtDirect security token alert:

- on page icon click: context menu is not displayed
- on page title click: form does not appear

TYPO3 version 4.5.10

Happens with Chrome, not tested with other browsers


Actions #1

Updated by Ernesto Baschny about 12 years ago

  • Target version changed from 4.5.11 to 4.5.12

Actions #2

Updated by Bart Dubelaar over 11 years ago

See #24870, might be caused by the configuration of $TYPO3_CONF_VARS['BE']['loginSecurityLevel']

Actions #3

Updated by Bart Dubelaar over 11 years ago

Found an interesting workaround. Enter a wrong password first and then enter a correct password.
For me this works. The problem lies in the function hasLoginBeenProcessed() of class.ajaxlogin.php.
In this class the following compare is done:

((string)$_COOKIE['be_typo_user'] !== (string)$GLOBALS['BE_USER']->id)

For me these are equal when I enter the correct password directly, but they are different after entering a wrong one first.

Actions #4

Updated by Bart Dubelaar over 11 years ago

It seems that all goes well only by accident with the default loginSecurityLevel. This is because the getChallenge request of the ExtJS login box effectively logs out the user before doing the real authentication. This explains why the "wrong password first" workaround works, as this also logs out the user first.

Actions #5

Updated by Fronzes Philippe over 11 years ago

Hi,

I get this error too, with version 4.5.19, and with default 'loginSecurityLevel'.

Actions #6

Updated by Mathias Schreiber over 9 years ago

  • Target version changed from 4.5.12 to 7.4 (Backend)
  • Is Regression set to No

Actions #7

Updated by Susanne Moog over 8 years ago

  • Target version changed from 7.4 (Backend) to 7.5

Actions #8

Updated by Benni Mack over 8 years ago

  • Target version changed from 7.5 to 8 LTS

Actions #9

Updated by Benni Mack almost 7 years ago

  • Target version changed from 8 LTS to next-patchlevel

Actions #10

Updated by Riccardo De Contardi almost 6 years ago

  • Status changed from New to Closed
  • Target version deleted (next-patchlevel)

Extjs has been dropped, so I think it should be safe to close this one for now.

If you think that this is the wrong decision or experience the issue again, please reopen it or open a new issue with a reference to this one.

Thank you and best regards
