[TYPO3-dev] Problem with RSAAuth extension
Zach Davis
zach at castironcoding.com
Wed Oct 19 20:43:18 CEST 2011
Steffan,

I misspoke - I meant to say 4.6 instead of 4.7 :)

In any case, unless I'm being dense (which is entirely possible), it
seems to me that this bug is easy to reproduce:

You can go to:
http://46rc1.zd.cicdev.net/special-pages/customer-login and log in to the
frontend as "customer1" with the password "customer1"

The login should work.

Log out of the front-end and then simply look at the backend login:
http://46rc1.zd.cicdev.net/typo3/

Now, go back to the frontend login screen and try to log in again. I
expect that the front-end login will fail. In fact, in order to log in
again on the front-end, you'll have to quit your browser or clear cookies.

When you view the backend login screen, I believe a cookie is set. The
presence of that cookie causes TYPO3 to set time tracking values in
$_SESSION in index_ts.php, which in turn prevents the RSAauth extension
from properly starting the session because it already detects $_SESSION
as an array. If we're going to continue to set values in $_SESSION in
index_ts.php before initializing the extension (which still seems wrong
to me), then we need a better check in the RSA auth for whether the
session has been started or not.

And yes, backend and front-end authentication are set to RSA, as this is
a clean install of the 4.6RC1 introduction package.

Zach
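
The session check discussed in the message above, as an added example that is not part of the original post and not TYPO3 or rsaauth source. It contrasts a test on $_SESSION being an array with a test on session_id(); all function names and the 'early_value' key are hypothetical.

```php
<?php
// Added illustration, not TYPO3 or rsaauth code. All names are hypothetical.

// Fragile check: treats "$_SESSION is an array" as "a session is running".
function sessionLooksStartedWeak()
{
    return isset($_SESSION) && is_array($_SESSION);
}

// Robust check: session_id() is an empty string until session_start() succeeds.
// (On PHP >= 5.4, session_status() === PHP_SESSION_ACTIVE is the equivalent test.)
function sessionIsActive()
{
    return session_id() !== '';
}

// Start the session only if none is active, keeping values that earlier code
// already placed in $_SESSION (session_start() rebuilds the array from storage).
function ensureSessionStarted()
{
    if (sessionIsActive()) {
        return;
    }
    $early = (isset($_SESSION) && is_array($_SESSION)) ? $_SESSION : array();
    session_start();
    // Stored session data wins over the early values on key collisions.
    $_SESSION = array_merge($early, $_SESSION);
}

ini_set('session.use_cookies', '0'); // lets the demo run from the command line

// Constructed stand-in for code that writes to $_SESSION before session_start().
$_SESSION['early_value'] = microtime(true);

// Collect results and print at the end, so no output precedes session_start().
$report = array();
$report[] = 'weak check before start:   ' . var_export(sessionLooksStartedWeak(), true);
$report[] = 'robust check before start: ' . var_export(sessionIsActive(), true);

ensureSessionStarted();

$report[] = 'robust check after start:  ' . var_export(sessionIsActive(), true);
$report[] = 'early value preserved:     ' . var_export(isset($_SESSION['early_value']), true);

echo implode(PHP_EOL, $report), PHP_EOL;
```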