[TYPO3-core] RFC: #17498: The refresh login dialogue is shown even if the session already timed out
Helmut Hummel
helmut.hummel at typo3.org
Sun Feb 6 13:13:12 CET 2011
Hi,
this is a SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=17498
Branches: 4_4, 4_5, trunk
Problem:
There are several reasons why a backend session can expire. If this
happens, the refresh login dialogue is shown for 30 seconds giving the
user the option to "stay logged in" or "log out". But in case the
session is already expired, clicking "stay logged in" does not have an
effect an only shows the dialogue again with reset counter.
Solution:
If the session is already expired, directly show the password dialogue.
Note:
This can be easily tested by deleting the be_typo_user cookie. Without
the patch the progress bar is shown, with the patch you will see the
password dialogue directly
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17498.diff
Type: text/x-patch
Size: 3955 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110206/af3b9d4c/attachment.bin>
More information about the TYPO3-team-core
mailing list