Bug #96978
closed
Backend "Stay logged in" button does refresh the login-session
100%
Description
Steps to reproduce:
1. Set $GLOBALS['TYPO3_CONF_VARS']['BE']['sessionTimeout'] to 70.
2. Login via /typo3/
3. Wait 60 seconds for the login-refresh-popup to occur
4. Click the "Stay logged in" button
5a. Wait 10 seconds and click on a module => A redirect to the login screen will appear
5b. Wait another 60 seconds => A password-box will appear because the session has not been updated.
Description:
For unknown reasons the /ajax/login/refresh route has never been used (all the way back to v6) to request a session timeout update. Instead the route /ajax/login/timedout, without the skipSessionUpdate=1 parameter, has been used to refresh an existing session.

With the introduction of configurable route parameters in #81409 this inconsistency wasn't noticed and the skipSessionUpdate parameter has been moved into the route-configuration, which meant /ajax/login/timedout was always called with skipSessionUpdate=1, even as a result of the "Stay logged in" button, where a session update was intended.

Use the dedicated /ajax/login/refresh route in order to actually refresh the session.
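
The reproduction steps above, replayed against a simplified session model. This is an added example, not TYPO3 code: `BackendSessionModel`, its methods, `replay` and the two handlers are hypothetical names, and the validity rule (a session is valid while fewer than `sessionTimeout` seconds have passed since its last update) is an assumption.

```javascript
// Added illustration, not TYPO3 source: a simplified model of the backend session.
// Assumption: only session-updating requests move the "last update" timestamp.
class BackendSessionModel {
  constructor(timeout) {
    this.timeout = timeout; // models ['BE']['sessionTimeout'] in seconds
    this.lastUpdate = 0;    // login happens at t = 0
  }
  isValid(now) {
    return now - this.lastUpdate < this.timeout;
  }
  // Models /ajax/login/timedout: reports the state and touches the session
  // only when skipSessionUpdate is not set.
  timedout(now, skipSessionUpdate) {
    const valid = this.isValid(now);
    if (valid && !skipSessionUpdate) this.lastUpdate = now;
    return { timedOut: !valid };
  }
  // Models /ajax/login/refresh: extends a session that is still valid.
  refresh(now) {
    const valid = this.isValid(now);
    if (valid) this.lastUpdate = now;
    return { refreshed: valid };
  }
  // Models a normal backend request such as opening a module.
  openModule(now) {
    if (!this.isValid(now)) return 'login screen';
    this.lastUpdate = now;
    return 'module';
  }
}

// Replays the report: timeout 70 s, "Stay logged in" at t = 60, module click at t = 70.
function replay(stayLoggedIn) {
  const session = new BackendSessionModel(70);
  stayLoggedIn(session, 60);
  return session.openModule(70);
}

// Reported behaviour: the button ends up on timedout with skipSessionUpdate=1.
const buggyHandler = (session, now) => session.timedout(now, true);
// Fixed behaviour: the button calls the dedicated refresh route.
const fixedHandler = (session, now) => session.refresh(now);

console.log('buggy:', replay(buggyHandler)); // login screen
console.log('fixed:', replay(fixedHandler)); // module
```

A regression test for this class of bug should assert on the session lifetime after the button click, not only on the HTTP status of the AJAX call, since both routes answer successfully.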