Task #56453
closedEpic #55070: Workpackages
Epic #55066: WP: Security enhancements
Story #55509: Add CSRF Protection to mod.php
Improve usability with multiple tabs open
100%
Description
When the backend user session expires, currently
a popup window is shown which asks the user to
relogin when salted passwords or rsaauth are used
(which is currently our default).
However when a user works with multiple browser tabs
open, it is easy to overlook this popup. When realizing
that the session is expired and the user logs
into the backend again in one tab, the session
is authenticated in all other open tabs, but a
new CSRF protection token has been generated, which
makes working in this tab impossible, especially
because the tokens are now checked for virtually
any action.
This changes cleans up the AjaxLogin functionality
by making use of the new Ajax API introduced lately
and functionality is added so that AjaxLogin also
works with rsaauth and saltedpasswords enabled.
Additionally the form protection framework is slightly
reworked to better support the re-login and token
restore functionality in the AjaxLogin.
The "showRefreshLoginPopup" functionality is still
kept, because AjaxLogin can still not handle
OpenID logins.
Updated by Gerrit Code Review almost 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Gerrit Code Review almost 11 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Gerrit Code Review almost 11 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Gerrit Code Review almost 11 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Gerrit Code Review almost 11 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Gerrit Code Review almost 11 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27954
Updated by Helmut Hummel almost 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9aaeaf5120638ef07087226d8409062a29f527ef.