Bug #58713

closed

Failed feuser login removes the existing session data

Added by Tommy Bley almost 10 years ago. Updated over 5 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: felogin
Target version: -
Start date: 2014-05-12
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version: 5.3
Tags:
Complexity: medium
Is Regression: No
Sprint Focus:

Description

In the new version of TYPO3 6.2.2, a failed login in the frontend with a feuser destroys the fe_typo_user cookie, and this destroyed my user session.


Related issues 2 (0 open, 2 closed)

Related to TYPO3 Core - Bug #57751: Felogin session not set (Closed, Markus Klein, 2014-04-08)

Related to TYPO3 Core - Bug #59614: The property newSessionID is used in a wrong context in AbstractUserAuthentication (Closed, 2014-06-16)

Actions #1

Updated by Markus Klein almost 10 years ago

  • Status changed from New to Accepted

Easiest way to reproduce

  • Click on the forgot password link (fe cookie is created)
  • Click on the back to login link (fe cookie still there)
  • Let a login fail
  • Notice the cookie is gone

What happens in the background

When the cookie is first set, its id is chosen randomly.
On login attempts, a former session (but not the session data!) is discarded and the cookie is unset, I guess for security reasons.
  • If the login succeeds, a new session is created (but with the same id, as the id was present from the cookie beforehand) and the session's data
    is preserved, as the session id now exists again.
  • If the login fails, no cookie is set anymore and the session data is lost forever, since the next login attempt will generate a new id.
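
A minimal model of the behaviour described in the comment above, as an added example (not TYPO3 code and not the patch from review 30485): `SessionModel`, its `preserve_on_failure` switch, the user name and the basket data are all constructed for illustration. It goes one step beyond the comment by contrasting the reported flow with a variant, assumed here, that leaves the cookie alone on a failed login and moves the data to a fresh id on success.

```python
import secrets

class SessionModel:
    """Toy cookie-keyed session handling (constructed model, not TYPO3 code)."""
    def __init__(self, preserve_on_failure):
        self.preserve_on_failure = preserve_on_failure  # hypothetical switch
        self.sessions = {}  # session id -> logged-in user (None = anonymous)
        self.data = {}      # session id -> session data, stored separately
        self.cookie = None  # stands in for the fe_typo_user cookie value

    def ensure_cookie(self):
        if self.cookie is None:  # first set: id chosen randomly
            self.cookie = secrets.token_hex(16)
            self.sessions[self.cookie] = None
            self.data[self.cookie] = {}
        return self.cookie

    def login(self, credentials_ok):
        old_id = self.ensure_cookie()
        if not self.preserve_on_failure:
            # Reported behaviour: every attempt discards the session record
            # and unsets the cookie; the data row stays behind.
            self.sessions.pop(old_id, None)
            self.cookie = None
            if credentials_ok:
                # Session recreated under the id the cookie carried, so
                # the old data is reachable again.
                self.sessions[old_id] = "alice"  # constructed user name
                self.cookie = old_id
        elif credentials_ok:
            # Variant (assumption): only success changes the id; data moves
            # to a fresh id so the pre-login id is not reused.
            new_id = secrets.token_hex(16)
            self.data[new_id] = self.data.pop(old_id)
            del self.sessions[old_id]
            self.sessions[new_id] = "alice"
            self.cookie = new_id
        return credentials_ok  # on failure the variant has touched nothing

def data_after_login(preserve_on_failure, credentials_ok):
    s = SessionModel(preserve_on_failure)
    first_id = s.ensure_cookie()            # e.g. the forgot-password page
    s.data[first_id]["basket"] = ["sku-1"]  # constructed sample session data
    s.login(credentials_ok)
    s.ensure_cookie()                       # next request
    return s.data[s.cookie].get("basket"), s.cookie == first_id
```

`data_after_login` returns the session data visible on the next request and whether the cookie id is unchanged; only the reported flow with a failed login loses the data.
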
Actions #2

Updated by Markus Klein almost 10 years ago

  • Complexity set to medium
Actions #3

Updated by Markus Klein almost 10 years ago

  • Subject changed from Fail Login with feuser delete the fe_typo_user cookie to Failed feuser login removes the existing session data
Actions #4

Updated by Gerrit Code Review almost 10 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30485

Actions #5

Updated by Gerrit Code Review almost 10 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30485

Actions #6

Updated by Gerrit Code Review almost 10 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30485

Actions #7

Updated by Gerrit Code Review almost 10 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30485

Actions #8

Updated by Helmut Hummel almost 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #9

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed