[TYPO3-core] RFC: #17498: The refresh login dialogue is shown even if the session already timed out
Markus Klein
klein.t3 at mfc-linz.at
Sun Feb 20 15:11:43 CET 2011
+1 by testing on 4_5.
Kind regards
Markus
> -----Original Message-----
> From: typo3-team-core-bounces at lists.typo3.org [mailto:typo3-team-core-
> bounces at lists.typo3.org] On Behalf Of Helmut Hummel
> Sent: Sunday, February 06, 2011 1:13 PM
> To: typo3-team-core at lists.typo3.org
> Subject: [TYPO3-core] RFC: #17498: The refresh login dialogue is shown even
> if the session already timed out
>
> Hi,
>
> this is a SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=17498
>
> Branches: 4_4, 4_5, trunk
>
> Problem:
> There are several reasons why a backend session can expire. If this happens,
> the refresh login dialogue is shown for 30 seconds giving the user the option
> to "stay logged in" or "log out". But in case the session is already expired,
> clicking "stay logged in" does not have an effect an only shows the dialogue
> again with reset counter.
>
> Solution:
> If the session is already expired, directly show the password dialogue.
>
> Note:
> This can be easily tested by deleting the be_typo_user cookie. Without the
> patch the progress bar is shown, with the patch you will see the password
> dialogue directly
>
>
> Kind regards,
> Helmut
>
> --
> Helmut Hummel
> TYPO3 Security Team Leader
>
> TYPO3 .... inspiring people to share!
> Get involved: typo3.org
More information about the TYPO3-team-core
mailing list