[TYPO3-english] sr_feuserregister: token check needs correct cookies or fail?
christian.oettinger at gmx.de
Mon Jan 28 12:54:50 CET 2013
I think there is a problem in sr_feuserregister token handling. It leads
to our customers experiencing pages with exit error "token's empty" on a
regular basis. It can happen when they click the validation link in the
mail a second time:
When registering users get a mail with validation link. If the user
clicks it, he will be redirected to confirmation page to log in. If the
user clicks it again some times later, he will be redirected to same
page which will then show an error to explain. This is as it should be.
But this only work for us if the user has already been on a page
containing some plugin of sr_feuserregister before clicking the link. So
if a user just clicks on the link in his mail a second time and has not
been surfing the target site before, he will only see the exit error
"sr_feuserregister: token's empty".
It seems to me that the cookie "fe_typo_user" makes the difference. If
it is set by a page containing the sr_feuserregister plugin (like login
or registration) it will work. If it is set by another page – or not
been set before at all – it will not work.
Thanks for any hints.
I'm reay to do more tests if helpful!
More information about the TYPO3-english