TYPO3 Core

See #24870, might be caused by the configuration of $TYPO3_CONF_VARS['BE']['loginSecurityLevel']

Found an interesting workaround. Enter a wrong password first and then enter a correct password.
For me this works. The problem lies in the function hasLoginBeenProcessed() of class.ajaxlogin.php.
In this class the following compare is done:

((string)$_COOKIE['be_typo_user'] !== (string)$GLOBALS['BE_USER']->id)

For me these are equal when I enter the correct password directly, but they are different after entering a wrong one first.

It seems like that all goes well only by accident with the default loginSecurityLevel. This is because the getChallenge request of the extjs loginbox effectively logs out the user before doing the real authentication. This explain why the "wrong password first" workaround works, as this also logs out the user first.

Hi,

I get this error too, with version 4.5.19, and with default 'loginSecurityLevel'.