Bug #59041
closed
FE login fails at first attempt with page shown in multiple browser tabs
Added by Frans Saris almost 10 years ago.
Updated over 5 years ago.
Description
When you have a page with loginbox open in 2 different browser tabs the login attempt on the first opened browser tab will fail.
[FE][loginSecurityLevel] = rsa
With loginSecurityLevel = normal the problem doesn't occur.
The key is present in tx_rsaauth_keys but somehow not found/recognised.
- Category set to Authentication
Ok so this is not related to session handling but rsaauth.
A new key is generated for each request. So only the last key is valid. (all former keys are discarded)
We should change felogin to fetch the key on submit like the BE login does. But that would be a breaking change I fear.
Is this fixable at all?
- Status changed from New to Accepted
- Assignee set to Frans Saris
- Status changed from Accepted to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF