[TYPO3-core] RFC #11895: Cookie detection in new t3skin login screen fails for certain circumstances

Marcus Krause marcus#exp2009 at t3sec.info
Wed Sep 9 01:44:16 CEST 2009


Steffen Gebert wrote on 09/09/2009 01:25 AM:
> This is an SVN patch request.
> 
> Type: Bugfix
> 
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11895
> 
> Branches:
> Trunk
> 
> Problem:
> With changeset 5899 (0011370) a new t3skin login screen has been
> committed to trunk.
>
> [...]
> 
> However, this detection fails for the following condition (at least in FF3.5):
> - cookies are generally disallowed and
> - certain domains are in a whitelist
> 
> If this condition is met (TYPO3 installation domain in whitelist),
> detection fails, the form is covered by an annoying image and login is
> no longer possible although cookies are accepted for this specific domain.
> 
> 
> Solution:
> Don't check navigator.cookieEnabled, but directly set testcookie.
> Furthermore add an ignore-link (if there might still be cases, where
> check fails)

+1 by testing (great, having the login form back in place ;-) )

Thanks to Steffen for taking care.


> Notes:
> Thanks to Marcus Krause for reporting.
> You can deactivate cookies in firefox by setting
> network.cookie.cookieBehavior = 2
> in about:config

Or reproduce my setup (whitelist) by using the standard menu:

* menu->"settings"->"privacy"->remove check from box "accept cookies"
* click next to this box on button "exclusions"
* add your domain name and hit button "accept" - DONE

(above is translated on the fly from a DE interface to English - so names
might not match exactly)


Marcus.

-- 
TYPO3 Security blog: http://secure.t3sec.info/
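
The difference between the two checks discussed in this thread, as an added example that is not part of the original message or of the TYPO3 patch. The cookie jar is a constructed stand-in for `document.cookie` so the code runs in Node without a browser; the cookie name `testcookie`, the host names and the function names are hypothetical, and the `cookieEnabled: false` value models the behaviour reported above for FF3.5.

```javascript
// Constructed model of a browser document whose cookie policy is
// "refuse by default, accept for hosts on an exception list".
function makeDocument(host, policy) {
  const jar = new Map();
  const accepted = policy.acceptByDefault || policy.allowedHosts.includes(host);
  return {
    get cookie() {
      return [...jar].map(([k, v]) => `${k}=${v}`).join('; ');
    },
    set cookie(str) {
      if (!accepted) return; // a refused cookie is dropped silently
      const [pair, ...attrs] = str.split(';').map((s) => s.trim());
      const [name, value = ''] = pair.split('=');
      if (attrs.some((a) => /^max-age=0$/i.test(a))) jar.delete(name);
      else jar.set(name, value);
    },
  };
}

// Flag-based check: only reports what navigator.cookieEnabled says.
function flagSaysEnabled(nav) {
  return nav.cookieEnabled === true;
}

// Probe-based check: write a test cookie, read it back, then expire it.
function probeSaysEnabled(doc, name = 'testcookie') {
  try {
    doc.cookie = `${name}=1; path=/`;
    const found = doc.cookie.split('; ').includes(`${name}=1`);
    doc.cookie = `${name}=; path=/; max-age=0`; // clean up the probe
    return found;
  } catch (e) {
    return false; // cookie access can throw in restricted contexts
  }
}

// Constructed scenario: cookies disallowed globally, one host on the exception list.
const policy = { acceptByDefault: false, allowedHosts: ['cms.example.org'] };
const nav = { cookieEnabled: false }; // value reported for this setup in FF3.5
const listedDoc = makeDocument('cms.example.org', policy);
const otherDoc = makeDocument('other.example.org', policy);

console.log('flag :', flagSaysEnabled(nav));            // login would be blocked
console.log('probe:', probeSaysEnabled(listedDoc));     // cookies actually work
console.log('probe (unlisted host):', probeSaysEnabled(otherDoc));
```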

