[TYPO3-core] RFC #11895: Cookie detection in new t3skin login screen fails for certain circumstances
Marcus Krause
marcus#exp2009 at t3sec.info
Wed Sep 9 01:44:16 CEST 2009
Steffen Gebert wrote on 09/09/2009 01:25 AM:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11895
>
> Branches:
> Trunk
>
> Problem:
> With changeset 5899 (0011370) a new t3skin login screen has been
> committed to trunk.
>
> [...]
>
> However, this detection fails for the following condition (at least in FF3.5):
> - cookies are generally disallowed and
> - certain domains are in a whitelist
>
> If this condition is met (TYPO3 installation domain in whitelist),
> detection fails, the form is covered by an annoying image and login is
> no longer possible although cookies are accepted for this specific domain.
>
>
> Solution:
> Don't check navigator.cookieEnabled, but directly set testcookie.
> Furthermore add an ignore-link (if there might still be cases, where
> check fails)
+1 by testing (great, having the login form back in place ;-) )
Thanks to Steffen for taking care.
> Notes:
> Thanks to Marcus Krause for reporting.
> You can deactivate cookies in firefox by setting
> network.cookie.cookieBehavior = 2
> in about:config
Or reproduce my setup (whitelist) by using the standard menu:
* menu->"settings"->"privacy"->remove check from box "accept cookies"
* click next to this box on button "exclusions"
* add your domain name and hit button "accept" - DONE
(above is translated on the fly from a DE interface to English - so names
might not match exactly)
Marcus.
--
TYPO3 Security blog: http://secure.t3sec.info/
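
The check described in the quoted solution (set a test cookie and read it back instead of trusting navigator.cookieEnabled), as an added example that is not the patch from this thread. `canStoreCookie`, `fakeDocument` and the cookie name `cookie_probe` are hypothetical; the fake document is a constructed stand-in so the check also runs outside a browser.

```javascript
// Hypothetical helper: true only if `doc` really stores a cookie.
// In a browser, call it as canStoreCookie(document).
function canStoreCookie(doc, name = 'cookie_probe') {
  const value = String(Date.now());
  try {
    doc.cookie = name + '=' + value + '; path=/';
    const stored = doc.cookie.split(';').some(function (pair) {
      return pair.trim() === name + '=' + value;
    });
    // Expire the probe so it is not sent with later requests.
    doc.cookie = name + '=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT';
    return stored;
  } catch (e) {
    return false; // cookie access can throw when it is blocked
  }
}

// Constructed stand-in for `document`: keeps or silently drops cookies.
function fakeDocument(acceptsCookies) {
  const jar = new Map();
  return {
    get cookie() {
      return Array.from(jar, ([k, v]) => k + '=' + v).join('; ');
    },
    set cookie(str) {
      if (!acceptsCookies) return; // blocked: the write is discarded
      const [pair, ...attrs] = str.split(';');
      const eq = pair.indexOf('=');
      const key = pair.slice(0, eq).trim();
      const expired = attrs.some(a => /^\s*expires=Thu, 01 Jan 1970/i.test(a));
      if (expired) jar.delete(key);
      else jar.set(key, pair.slice(eq + 1).trim());
    }
  };
}

// Compare the browser flag with the probe for one (constructed) setup.
function detect(nav, doc) {
  return { flag: nav.cookieEnabled, probe: canStoreCookie(doc) };
}

// Setup from the report: cookies disallowed globally, domain whitelisted.
// The flag says "disabled" although the site can set its session cookie.
const whitelisted = detect({ cookieEnabled: false }, fakeDocument(true));
// Cookies disallowed and domain not whitelisted: both checks agree.
const blocked = detect({ cookieEnabled: false }, fakeDocument(false));
console.log(whitelisted, blocked);
```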