[TYPO3-dev] Solving existing session problems - sole technical approach
Franz Holzinger
franz at ttproducts.de
Thu Jan 29 11:34:20 CET 2009
Marcus Krause a écrit :
> Franz Holzinger schrieb am 29.01.2009 07:29 Uhr:
>> Steffen Ritter a écrit :
>>> Susanne Moog schrieb:
>>>> Hi,
>>>>
>>>> I have some problems with sessions, but I _can_ login just fine. It
>>>> only needs two to three times till I get there...
>>>>
>>> Hey,
>>> i just have the same problem, but I think i pointed out where it
>>> comes from...
>>> Since I'm a lazy guy I do not log out, I just close the tab or the
>>> browser... Returning to the site, with a "resting" cookie of the
>>> last, not logged out, session, I have to login twice.
>>> First login it checks username password, logs into backend, "get to
>>> know" that my cookie does not match the current session and redirects
>>> me right back to the login screen, where i can login, and the correct
>>> cookie is set.
>>> This only happens - as said before - when not logging out properly.
>>
>> The same happens with the install tool on all Firefox browsers under
>> LINUX. (I cannot logout from install tool.)
>> Sometimes it happens that I cannot login into install tool any more.
>> And this will never work again. I am forced to use the IE or Konqueror
>> to login. It does not help to delete all cookies.
>> I will work however if you rename the cookie. Here is a patch:
>>
>> http://bugs.typo3.org/view.php?id=5182
>
> Strange; any change that you are using a multidomain setup?
I am using subdomains.
mysub1.mydomain.de
mysub2.mydomain.de
> In your bugtracker report you mention that FF sends two cookies with the
> same key (=Typo3InstallTool). I guess, this only happens when the cookie
> details are different (different domain and/or different path). Could
> you please debug this?
No, the cookie is sent once. But in the parameters of the cookie the
part 'Typo3InstallTool' is present twice. The first contains the old
encrypted password (even after the deletion of all cookies and restart
of the compputer!) and then the same Cookie parameter comes again with
the latest encrypted password. But only the old encrypted password is
stored. So you can never log in with the new password and also not any
more with the former password. And it does not even help to delete the
cookies. I do not know where Firefox has stored the former encrypted
password. Otherwise I would delete this to be able to log in again.
This info comes from wireshark.
Nothing has been changed with the domain or any path.
- Franz
More information about the TYPO3-dev
mailing list