[TYPO3-core] RFC: #17383: Open forms cannot be saved after "Relogin" (Security Token errors)

Ernesto Baschny [cron IT] ernst at cron-it.de
Tue Feb 1 08:21:09 CET 2011


Helmut Hummel schrieb am 30.01.2011 20:13:
> Hi Steffen,
> 
> On 30.01.11 18:02, Steffen Kamper wrote:
> 
>> I had the same in mind (DOM-query) but would be more general. Tokens can 
>> be in
>> * links (href)
>> * links (onclick)
>> * form action
>>
>> Areas to search:
>> * top
>> * navigation panel (if iframe only)
>> * content panel
>>
>> I check this and will come with a more general query method if you agree.
> 
> Not all tokens are equivalent, a token for an alt_doc cannot be used for
> a tce action and vice versa. Additionally it is not possible to "know"
> on PHP side what frames with which tokens are rendered. So it's a bit
> trickier than it seems.
> 
> The only way would be to collect (and identify the type of) all "old"
> tokens on the client side, hand them over to an ajax action which is
> also only executable with an appropriate token, which is generated
> during relogin. Not easy but still doable, I'll give it a try.

I feel that this would be more consistent, thanks! For example other
extensions might add more "tokens" to the clear cache menu (e.g. the RTE
clear cache might have tokens later on) so going through them all would
be the most effective solution.

To know the "type" of a token on PHP side, this information has to be an
additional parameter of the "formToken" parameter, wouldn't it? So
formToken=abcabcabcbac:tceAction ...

> Would it fit, if I'd put such a method in the ajaxlogin class?

I guess so, since this manipulation is only needed on relogin after a
session expiry.

Thanks!

Cheers,
Ernesto
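A sketch of the client-side half of the approach discussed in this thread, added here as an example; it is not TYPO3 code nor either poster's. It assumes the typed token format Ernesto proposes (`formToken=<token>:<type>`) and that the relogin ajax action answers with a plain object mapping type to fresh token.

```javascript
// Added example, not TYPO3 code. Assumes tokens are rendered as
// "formToken=<token>:<type>" (Ernesto's proposal) and that the relogin
// AJAX action answers with an object {type: freshToken}.
const TOKEN_RE = /formToken=([A-Za-z0-9]+):([A-Za-z0-9_]+)/g;

// Collect every (token, type) pair found in the given attribute values
// (href, onclick, form action). Returns {type: Set(oldTokens)}.
function collectTokens(attrValues) {
  const byType = {};
  for (const value of attrValues) {
    if (typeof value !== 'string') continue;
    for (const [, token, type] of value.matchAll(TOKEN_RE)) {
      (byType[type] = byType[type] || new Set()).add(token);
    }
  }
  return byType;
}

// Build the payload for the refresh request: the token generated during
// relogin authorises the call, the old tokens tell PHP which types to mint.
function buildRefreshRequest(byType, reloginToken) {
  const tokens = {};
  for (const type of Object.keys(byType)) tokens[type] = [...byType[type]];
  return { formToken: reloginToken, tokens };
}

// Rewrite one attribute value with fresh tokens. Types the server did not
// return stay as they were, so a stale token still fails loudly instead of
// being swapped for a token of the wrong type.
function replaceTokens(value, freshTokens) {
  return value.replace(TOKEN_RE, (whole, _old, type) =>
    Object.prototype.hasOwnProperty.call(freshTokens, type)
      ? `formToken=${freshTokens[type]}:${type}`
      : whole);
}

// Browser glue (not exercised offline): gather attribute values from a
// frame's document; run it for top, navigation and content panels.
function gatherAttributeValues(doc) {
  const values = [];
  doc.querySelectorAll('a[href], [onclick], form[action]').forEach((el) => {
    for (const attr of ['href', 'onclick', 'action']) {
      const v = el.getAttribute(attr);
      if (v) values.push(v);
    }
  });
  return values;
}
```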

