[TYPO3-english] fe_typo_user cookie: Changes from 6.2.3 to 6.2.4
Valentin R
valentin.rottmann at westlotto.com
Thu Nov 13 13:28:37 CET 2014
Hi Forum,
we have an extranet with a closed usergroup where the users can login using their username as a parameter to the URL. (This is not a security issue because the user does not have any influence on this parameter)!
If the user wants to login but already has got the fe_typo_user cookie the behaviour was as follows using Typo3 6.2.3 (shortened output of tcpdump):
GET /index.php?user=40026706 HTTP/1.1
Cookie: nc_staticfilecache=fe_typo_user_logged_in; fe_typo_user=6c3b39633e778b771c9289fcd0e4cfec
HTTP/1.1 303 See Other
Location: ht tp://entextranet.company.com/index.php?id=2
Set-Cookie: fe_typo_user=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: fe_typo_user=6c3b39633e778b771c9289fcd0e4cfec; path=/; httponly
The old cookie was deleted and a new cookie is set and therefore the user is logged in successfully!
If the user wants to login but already has got the fe_typo_user cookie the behaviour was as follows using Typo3 6.2.4+ (shortened output of tcpdump):
GET /index.php?user=40026706 HTTP/1.1
Cookie: nc_staticfilecache=fe_typo_user_logged_in; fe_typo_user=95baf7ae6ed0037092004c6e1707c685
HTTP/1.1 303 See Other
Location: ht tp://entextranet.company.com/index.php?id=2
Set-Cookie: fe_typo_user=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: nc_staticfilecache=fe_typo_user_logged_in; path=/
Unfortunately, a new cookie was not set any longer and therefore the user is not logged in :-(
The next time the user tries to login the cookie is set correctly, but this is not workaround ...
Any help is highly appreciated,
TIA, Valentin
More information about the TYPO3-english
mailing list