Bug #97340
closed
Parameter ?logintype=login&pass=password1234&pid=398&user=myuser doesnt work anymore
0%
Description
Hello everyone,
in TYPO3 9 we could login an fe user by parameters in a url like "https://domain.com?logintype=login&pass=password1234&pid=398&user=myuser". In TYPO3 10 we get a warning:
component="TYPO3.CMS.Core.Authentication.AuthenticationService": Login-attempt from 2001:16b8:68ad:a500:38b1:dcba:4ac8:eb52, for username '' with an empty password!
So username seem so be empty, as well as password.
I have searched through all changelogs of TYPO3 10 and 9, but did not find any security or breaking changes. Is there another way to login as fe user by url? Or die some parameters changed?
Updated by Oliver Bartsch about 2 years ago
- Status changed from New to Closed
Hi, this functionality has been removed with #88458. It's since then only possible to provide the login data via POST. The corresponding breaking changelog can be found here: https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/10.0/Breaking-88458-RemovedFrontendTrackUserFtuFunctionality.html. Especially the Migration part might be of interest for you https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/10.0/Breaking-88458-RemovedFrontendTrackUserFtuFunctionality.html#migration.
Since this functionality was removed intentionally and the change has been documented accordingly, I'll close this issue. In case you think this is the wrong decision or find something in the current implementation, that is not working, please either contact me directly or create a new issue with a reference to this one.
Updated by Oliver Bartsch about 2 years ago
- Related to Task #88458: Remove Frontend Track User functionality added