Bug #58713
closed
Failed feuser login removes the existing session data
Added by Tommy Bley over 10 years ago.
Updated about 6 years ago.
Description
In the new version of TYPO3 6.2.2, a failed login in the frontend with feuser destroys the fe_typo_user cookie, and this destroyed my user session.
- Status changed from New to Accepted
Easiest way to reproduce
- Click on the forgot password link (fe cookie is created)
- Click on the back to login link (fe cookie still there)
- Let a login fail
- Notice the cookie is gone
What happens in the background
When the cookie is first set, its id is chosen randomly.
On login attempts a former session (but not the session data!) is discarded and the cookie is unset, I guess for security reasons.
- If the login succeeds, a new session is created (but with the same id, as the id was present from the cookie beforehand) and the session data is preserved, as the session id now exists again.
- If the login fails, no cookie is set anymore and the session data is lost forever since the next login attempt will generate a new id.
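
The sequence described in the comment above, as a small Python model added here for illustration; it is not TYPO3 code and not part of the original comment. The class, its `keep_cookie_on_failure` switch and the session keys are hypothetical, and keeping the cookie on a failed login is only one assumed way to avoid the loss, not the change that resolved this issue.

```python
import secrets

class FrontendSessionModel:
    """Toy model of the fe_typo_user behaviour described above (not TYPO3 code)."""

    def __init__(self, keep_cookie_on_failure=False):
        self.store = {}        # server side: session id -> session data
        self.cookie = None     # browser side: value of the fe_typo_user cookie
        self.keep_cookie_on_failure = keep_cookie_on_failure  # hypothetical switch

    def visit(self, key, value):
        """Anonymous request that writes session data (constructed keys)."""
        if self.cookie is None:
            self.cookie = secrets.token_hex(16)  # id chosen randomly on first set
        self.store.setdefault(self.cookie, {})[key] = value

    def login(self, credentials_ok):
        """Login attempt: the cookie is unset first, the stored data is kept."""
        presented_id = self.cookie
        self.cookie = None
        if credentials_ok:
            # The new session reuses the presented id, so the data is reachable again.
            self.cookie = presented_id or secrets.token_hex(16)
            self.store.setdefault(self.cookie, {})
        elif self.keep_cookie_on_failure:
            self.cookie = presented_id
        return credentials_ok

    def session_data(self):
        return self.store.get(self.cookie) if self.cookie else None

def reproduce(keep_cookie_on_failure):
    """Run the four reproduction steps, then one successful login."""
    m = FrontendSessionModel(keep_cookie_on_failure)
    m.visit("forgot_password_seen", True)   # step 1: cookie is created
    m.visit("back_to_login_seen", True)     # step 2: cookie still there
    m.login(credentials_ok=False)           # step 3: login fails
    cookie_present, data = m.cookie is not None, m.session_data()  # step 4
    m.login(credentials_ok=True)            # next attempt succeeds
    orphaned = [sid for sid in m.store if sid != m.cookie]
    return {"cookie_after_failure": cookie_present,
            "data_after_failure": data,
            "data_after_login": m.session_data(),
            "orphaned_records": len(orphaned)}

if __name__ == "__main__":
    print("as reported:", reproduce(False))
    print("cookie kept:", reproduce(True))
```
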
- Subject changed from Fail Login with feuser delete the fe_typo_user cookie to Failed feuser login removes the existing session data
- Status changed from Accepted to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed