Bug #99710
closed
EXT:felogin - Show Cookie Warning doesn't work
0%
Description
Cookie warning is never shown.
$this->showCookieWarningis set "true" only if user is logged in and if warning is required(?), here
https://github.com/TYPO3/typo3/blob/92b8a70a855eaccce3fa500ffab9c5a340e98f41/typo3/sysext/felogin/Classes/Controller/LoginController.php#L70
but
$this->userService->cookieWarningRequired()uses
$this->feUser->isCookieSet()isCookieSet()is always "true", if the user is logged in,
because
$this->setCookieis always "true", if the user is logged in.
The one and only way to check, if cookies are disabled (by the browser), is to check $_COOKIE array.
I think there is no way to check whether the cookies are disabled or not, until the request is fully executed.
One way would be to check (and show cookie warning message) via ajax, just after the page has loaded.
Updated by Davide Alghi over 1 year ago
Additionally, this block
should not be there, but outside
otherwise the warning message here
cannot be shown.
Updated by Torben Hansen about 1 year ago
- Status changed from New to Accepted
- Assignee set to Torben Hansen
This has most likely been implemented wrong in the extbase version of ext:felogin.
Updated by Torben Hansen about 1 year ago
I debugged this some hours and obviously, this feature seems broken since a long time. It does not even work in the old legacy version of the ext:felogin plugin (TYPO3 v8 - v10, did not test below).
I tried to fix the issue, but the currently used code/approach in ext:felogin is not good to really verify, if the browser supports cookies. Moving the check out of the condition as suggested does not work, since feUser->isCookieSet() will always return true if authentication was successful.
However, ext:felogin can not properly ensure, that a browser supports cookies except by testing it as suggested via JavaScript. The current TYPO3 backend login form does so, as it renders the "Cookies are disabled" warning first and then uses the AJAX route https://website.tld/typo3/ajax/login/preflight with a preflight cookie to verify, that cookies can be set and finally hides the cookie warning, if cookies are enabled/can be set.
In case of ext:felogin, this would be a completely new feature which requires breaking changes (JavaScrip, AJAX route).
Since the current "cookie waring" in ext:felogin does not work and can not be fixed, I think it is best to remove it completely and rely on the default message shown, when the login was not successful. This message includes a hint, that authentication was not successful, either caused by wrong credentials or because of disabled cookies.
Updated by Torben Hansen about 1 year ago
- Related to Task #100135: Remove cookieWarning in ext:felogin added
Updated by Torben Hansen about 1 year ago
- Status changed from Accepted to Closed
Closing the issue, since it can not be fixed in v11 and the cookie message now has been removed in v12 (see #100135)