Bug #90568
closed
BE user cookie set regardless of session
100%
Description
The BE user cookie is always set once a user visited the /typo3 login page. Even after logout, a BE user cookie is still present.
Since a BE user cookie is the only way viable way to detect a BE session, it should only be present if there is a current session. This is important for CDNs to bypass cache for active sessions.
That means a) the cookie should only be set after successful login and b) the cookie should be removed during logout.
Updated by Susanne Moog over 4 years ago
- Related to Task #89877: Cookie "lastLoginProvider" appears to serve no true purpose added
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63629
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63629
Updated by Markus Klein over 4 years ago
- Related to Bug #92035: Backend sets InstallToolSession cookie on logout added
Updated by Markus Klein over 4 years ago
- Assignee set to Markus Klein
- Complexity set to medium
Updated by Gerrit Code Review over 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63629
Updated by Gerrit Code Review over 4 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65372
Updated by Benni Mack over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset c5464e579583d6c92e9ed536a9485cdcb355a21d.