[TYPO3-dev] AJAX ReLogin does not work

[Xavier Perseguers]

Hi,

> Niels Pardon wrote:
>> I already wrote it in the other thread in this list: I don't understand
>> why the login challenge is generated a second time in the core.
> 
> Because the challenge should change for each login attempt. Otherwise it will be much easier to automate login attempts.

I agree, good to point this out.

I did not analyze the incriminated code yet ;-) but perhaps the problem 
is that the new challenge should be put into session prior to showing 
the login dialog (or showing it again if an attempt was wrong) and then 
mentioned patch (in a previous post) may be used.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en

One contribution a day keeps the fork away