[TYPO3-core] RFC: #17383: Open forms cannot be saved after "Relogin" (Security Token errors)

Ernesto Baschny [cron IT] ernst at cron-it.de
Mon Feb 7 14:02:13 CET 2011


Helmut Hummel wrote on 30.01.2011 20:13:

>> I had the same in mind (DOM-query) but would be more general. Tokens can be in
>> * links (href)
>> * links (onclick)
>> * form action
>>
>> Areas to search:
>> * top
>> * navigation panel (if iframe only)
>> * content panel
>>
>> I check this and will come with a more general query method if you agree.
> 
> Not all tokens are equivalent, a token for an alt_doc cannot be used for
> a tce action and vice versa. Additionally it is not possible to "know"
> on PHP side what frames with which tokens are rendered. So it's a bit
> trickier than it seems.
> 
> The only way would be to collect (and identify the type of) all "old"
> tokens on the client side, hand them over to an ajax action which is
> also only executable with an appropriate token, which is generated
> during relogin. Not easy but still doable, I'll give it a try.
> 
> Would it fit, if I'd put such a method in the ajaxlogin class?

Any news on that, Helmut?

Having the relogin-tokens fixed is an important goal for 4.5.1, as it
seems to annoy many people. :)

Thanks!

Cheers,
Ernesto

