Bug #69763
closed
Re-login after expired backend session throws exception
100%
Description
After the BE session expires you get a lightbox popup ('Refresh Login to TYPO3') which allows you to enter your password and log in again.
When doing this, the backend sometimes throws an exception: #1425389455: Invalid request for route "/main"
This appears to happen when you had an editing form open when the session expired. As a workaround you can remove the token from the URL and log in again with the normal login box.
Strangely, testing this with a really low value for [BE][sessionTimeout] did not reproduce this error. Could it be that the token has its own time-out value?
You can reproduce the exception by manually modifying the token in the url (but that is correct of course).
Updated by Anja Leichsenring about 9 years ago
- Sprint Focus changed from On Location Sprint to Stabilization Sprint
Updated by Markus Klein about 9 years ago
I have similar issues with the normal BE login from time to time. I need to clear the GET parameters then and then the BE works like normal.
Updated by Benni Mack about 9 years ago
- Target version changed from 7.5 to 7 LTS
- Sprint Focus deleted (Stabilization Sprint)
Updated by Wolfgang Klinger about 9 years ago
I can confirm that bug.
URL: http://dev.demo-7.local/typo3/index.php?route=%2Fmain&token=32517423454ea0a4e9388fa736b4b2f92806a07e
Uncaught TYPO3 Exception #1425389455: Invalid request for route "/main" (More information)
TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 47.
7 TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch(TYPO3\CMS\Core\Http\ServerRequest, TYPO3\CMS\Core\Http\Response)
/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00153: /** @var RouteDispatcher $dispatcher */
00154: $dispatcher = GeneralUtility::makeInstance(RouteDispatcher::class);
00155: return $dispatcher->dispatch($request, $response);
00156: }
00157: }
6 TYPO3\CMS\Backend\Http\RequestHandler::dispatch(TYPO3\CMS\Core\Http\ServerRequest)
/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00090: // Check if the router has the available route and dispatch.
00091: if ($routingEnabled) {
00092: return $this->dispatch($request);
00093: }
00094:
5 TYPO3\CMS\Backend\Http\RequestHandler::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/var/www/dev.demo-7/typo3_src/typo3/sysext/core/Classes/Core/Bootstrap.php:
00286:
00287: // Execute the command which returns a Response object or NULL
00288: $this->response = $requestHandler->handleRequest($request);
00289: return $this;
00290: }
4 TYPO3\CMS\Core\Core\Bootstrap::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/var/www/dev.demo-7/typo3_src/typo3/sysext/backend/Classes/Http/Application.php:
00090: */
00091: public function run(callable $execute = NULL) {
00092: $this->bootstrap->handleRequest($this->request);
00093:
00094: if ($execute !== NULL) {
3 TYPO3\CMS\Backend\Http\Application::run()
/var/www/dev.demo-7/typo3_src/typo3/index.php:
00018: call_user_func(function() {
00019: $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020: (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });
2 {closure}()
1 call_user_func(Closure)
/var/www/dev.demo-7/typo3_src/typo3/index.php:
00019: $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020: (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });
Updated by Riccardo De Contardi almost 9 years ago
- Target version changed from 7 LTS to Candidate for patchlevel
Updated by Josef Glatz almost 9 years ago
- Priority changed from Should have to Must have
I can also confirm this bug. Same as Wolfgang's exception (except line 49 instead of 47 -> I'm using 7.6.2)
Updated by Josef Glatz almost 9 years ago
I reproduce and fix it every day:
- Work in the backend
- Shutdown the VM (in which TYPO3 is running) but leaving browser tab with backend open
- Sleep until next day ;-)
- Startup the VM
- Reload the browser tab with the backend
- BE Login appears
- Login to backend
- Exception is thrown
- Remove the route parameter in url + Enter
- Backend is now reloading and shows 2 "Validating the security token of this form has failed. Please reload the form and submit it again." error messages
- After reloading backend with browser's reload button, everything is back to normal
I don't know if it is important, but I've set ['BE']['sessionTimout'] to 3600*24*7
Updated by Peter Kraume almost 9 years ago
I can confirm this problem as well.
The problem exists when you leave the backend open and switch the network, e.g. work/home/VPN. When you then click any other link in the BE, you're logged out. Upon next login the above mentioned error message appears. Removing the GET parameters solves the problem.
Updated by Charles Coleman over 8 years ago
I am also having this same issue but it's not because I'm changing network/IP stuff as one person reported was their cause.
- I log into the backend using TYPO3 7.6.4 and PHP 5.6 I get the Uncaught TYPO3 Exception below...
- I remove all get parameters and hit enter which at first appears I've completed login but there's TYPO3 backend error message, "Validating the security token of this form has failed. Please reload the form and submit it again."
- I refresh the backend page and it takes me to the main BE login page again
- I enter credentials and login succeeds
- BUT Within 5 minutes I get the relogin modal that pops up informing me that my login expired even though I have it set to 36000 seconds. (I have not changed the IP of my computer or the website during this time.)
Uncaught TYPO3 Exception #1425389455: Invalid request for route "/main" (More information)
TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49.
7 TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch(TYPO3\CMS\Core\Http\ServerRequest, TYPO3\CMS\Core\Http\Response)
/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00159: /** @var RouteDispatcher $dispatcher */
00160: $dispatcher = GeneralUtility::makeInstance(RouteDispatcher::class);
00161: return $dispatcher->dispatch($request, $response);
00162: }
00163: }
6 TYPO3\CMS\Backend\Http\RequestHandler::dispatch(TYPO3\CMS\Core\Http\ServerRequest)
/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/RequestHandler.php:
00092: // Check if the router has the available route and dispatch.
00093: if ($routingEnabled) {
00094: return $this->dispatch($request);
00095: }
00096:
5 TYPO3\CMS\Backend\Http\RequestHandler::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/home/example/public_html/vendor/typo3/cms/typo3/sysext/core/Classes/Core/Bootstrap.php:
00300:
00301: // Execute the command which returns a Response object or NULL
00302: $this->response = $requestHandler->handleRequest($request);
00303: return $this;
00304: }
4 TYPO3\CMS\Core\Core\Bootstrap::handleRequest(TYPO3\CMS\Core\Http\ServerRequest)
/home/example/public_html/vendor/typo3/cms/typo3/sysext/backend/Classes/Http/Application.php:
00092: }
00093:
00094: $this->bootstrap->handleRequest($this->request);
00095:
00096: if ($execute !== null) {
3 TYPO3\CMS\Backend\Http\Application::run()
/home/example/public_html/vendor/typo3/cms/typo3/index.php:
00018: call_user_func(function () {
00019: $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020: (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });
2 {closure}()
1 call_user_func(Closure)
/home/example/public_html/vendor/typo3/cms/typo3/index.php:
00019: $classLoader = require __DIR__ . '/../vendor/autoload.php';
00020: (new \TYPO3\CMS\Backend\Http\Application($classLoader))->run();
00021: });
Updated by Jens Jacobsen over 8 years ago
Confirmed and still there in TYPO3 7.6.4
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1425389455: Invalid request for route "/main" | TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /var/www/typo3/typo3_src-7.6.4/typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49.
Updated by Philipp Winterle over 8 years ago
Same for me. TYPO3 7.6.4
But this behaviour only happens to one of our backend users. This one user is in a special private network with different network policies. If this user is connecting through a WIFI and a direct internet connection to our servers the user is able to connect properly.
Updated by Sascha Ebner over 8 years ago
I have the same problem, TYPO3 CMS 7.6.4, PHP 7.0.5
Updated by ondro no-lastname-given over 8 years ago
Same problem here
Typo3 v 7.6.6
php v 5.6.20
Updated by Michiel Roos over 8 years ago
Maybe the login timeout AJAX call can redirect the main page to a sane url?
/typo3/index.php?ajaxID=%2Fajax%2Flogin%2Ftimedout&skipSessionUpdate=1
Updated by Michiel Roos over 8 years ago
This seems to work too:
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockIP'] = 3;
This will only check the three most significant parts of the IP address of the remote host IP (you).
May break when using IPv6?
And you may need to adjust according to your network setup. If you have different subnets for wired and wifi network you may need to lower the 3 to 2.
More info in typo3/sysext/core/Configuration/DefaultConfiguration.php
Updated by Josef Glatz about 8 years ago
Bug is still present in TYPO3 8.5.0-dev
Updated by Nicole Cordes about 8 years ago
@Josef Do you have any steps to reproduce? Otherwise it is really hard to investigate here.
Updated by Ian Solo about 8 years ago
- Log in the BE
- Change IP address (ex: disconnect and reconnect to internet), no need to wait for session timeout
- Click a link in the BE (ex: a page in the page tree)
- Re-log in the BE.
Now you got the error:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1425389455: Invalid request for route "/main" | TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException thrown in file /typo3/sysext/backend/Classes/Http/RouteDispatcher.php in line 49
Updated by Frans Saris about 8 years ago
The issue is a token mismatch. Think a check needs to be added that catches the exception and re-routes to login when the token check fails.
You can easily reproduce the behavior with the chrome browser devtools and switch from user-agent/device.
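The chain reported in this thread (IP-bound session dropped, re-login, stale URL token rejected) together with the fallback proposed in the comment above, as an added PHP example that is not part of the original ticket and is not TYPO3 core code. It covers both the lockIP comment and the token-mismatch comment; every function name, the secret and the sample addresses are constructed assumptions, and only IPv4 is modelled.

```php
<?php
// Added illustration: a simplified model, not TYPO3 core code.
// Every function name and the secret are hypothetical.
const DEMO_SECRET = 'constructed-demo-secret';

/** First $parts octets of an IPv4 address (the lockIP idea); 0 disables the lock. */
function ipLockPrefix(string $ip, int $parts): string
{
    return $parts <= 0 ? '' : implode('.', array_slice(explode('.', $ip), 0, $parts));
}

/** New backend session, remembering the IP prefix it was created from. */
function login(string $clientIp, int $lockIp): array
{
    return ['token' => bin2hex(random_bytes(16)), 'ipLock' => ipLockPrefix($clientIp, $lockIp)];
}

/** The session is kept only while the client's IP prefix is unchanged. */
function resumeSession(array $session, string $clientIp, int $lockIp): ?array
{
    return hash_equals($session['ipLock'], ipLockPrefix($clientIp, $lockIp)) ? $session : null;
}

/** URL token bound to route and session, so a new session invalidates old URLs. */
function routeToken(string $route, array $session): string
{
    return hash_hmac('sha1', $route . $session['token'], DEMO_SECRET);
}

/** On a token mismatch, send the user to the login instead of throwing. */
function dispatch(string $route, string $urlToken, array $session): string
{
    return hash_equals(routeToken($route, $session), $urlToken)
        ? 'render ' . $route
        : 'redirect to login without GET parameters';
}

// Constructed scenario: the client moves from a wired to a wifi subnet.
$wired = '10.20.30.5';
$wifi = '10.20.31.9';
$old = login($wired, 3);
$staleToken = routeToken('/main', $old);      // token left in the open tab's URL
var_dump(resumeSession($old, $wifi, 3));      // subnet change checked with lockIP = 3
$new = login($wifi, 3);                       // the user logs in again
echo dispatch('/main', $staleToken, $new), "\n";               // old URL token, new session
echo dispatch('/main', routeToken('/main', $new), $new), "\n"; // token issued for the new session
var_dump(resumeSession(login($wired, 2), $wifi, 2) !== null);  // same change checked with lockIP = 2
```

In this model a shorter prefix keeps the session alive across subnets, but it also widens the range of addresses from which a copied session cookie would be accepted, so the redirect on mismatch addresses the exception without loosening the IP binding.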
Updated by Gerrit Code Review about 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50660
Updated by Gerrit Code Review about 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50687
Updated by Frans Saris about 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 46c1c10c9e41a41fb52e3b5d042bbaa5f7cac49c.
Updated by Gerrit Code Review about 8 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50688
Updated by Gerrit Code Review about 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50689
Updated by Gerrit Code Review about 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50688
Updated by Gerrit Code Review about 8 years ago
Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50689
Updated by Markus Klein about 8 years ago
- Status changed from Under Review to Resolved
Applied in changeset 36fe8f1a669bab6d2aa3e9a537b0881293871313.
Updated by Christian Weiske over 7 years ago
- Related to Bug #82118: User interface does not react / 500 internal server error dummyToken added
Updated by Christian Eßl over 4 years ago
- Related to Bug #85844: Invalid request for route "/ajax/system-information/render" after session timed out added