[TYPO3-core] FYI48: RFC#11409: backend.php don't use API to include JS libraries

[Lars Houmark]

Hi Steffen,

> this is an SVN patch request.

Thanks for reacting so fast.

Since I was the one noticing it and informed you directly, I should 
also test it I guess - which I just did against trunk, specifically for 
the logout layer feature.

+1 by reading and testing, but try to type a wrong username or password 
in the form after waiting the 30 seconds. The error shown is kinda 
"cropped", huh? Another bug? One word per line is not looking that 
cool... This was in Safari (tested FF after writing) and it seems that 
FF handles it better. Still should be fixed imho.

P.S. Try setting the $TYPO3_CONF_VARS['BE']['sessionTimeout'] to 120 
(seconds). The timer seems a little off and starts bugging in the 
moment you log in (meaning ~60 seconds too early). Minor, but would 
mention it now that I noticed. I guess it could be left over of the old 
function to give you some time to hit the OK button the confirm box, 
but this is no longer the case.

-- 
Lars Houmark
Member of the TYPO3 Security Team