[TYPO3-core] RFC #17203: The ExtDirect token needs to be regenerated after relogin by popup window
Helmut Hummel
helmut.hummel at typo3.org
Sat Jan 22 21:01:15 CET 2011
Hi,
This is an SVN patch request:
Branch: trunk
Bugtracker reference: http://bugs.typo3.org/view.php?id=17203
Problem:
When the BE session expires and I re-enter my password, I have to reload
the whole backend. If not, I get ExtDirect Exceptions in different modules.
This happens due to the fact that the ExtDirect token has been stored in
the user session which timed out.
Solution:
Regenerate the token for the new session and hand it over to the
ExtDirect calls.
How to test:
Let the login session time out and re-login.
Update the pagetree.
Without the patch you will see ExtDirect Exceptions.
Note:
To get this working I needed to put the JavaScript token variable into a
global scope. If anyone knows how this could be solved differently, I'd
love to hear that. Thanks.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17203.diff
Type: text/x-patch
Size: 3282 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110122/f31fc182/attachment.bin>
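The failure and the fix described in the message above, as an added example that is not part of the original post and is not TYPO3 code: a simplified model of a session-bound request token, where a relogin creates a new session and the client must pick up the regenerated token. All names (`createServer`, `createClient`, `relogin`, `demo`) are hypothetical, and the client keeps the token in a closure rather than a global variable.

```javascript
const nodeCrypto = require('node:crypto');

// Simplified server (assumption): each session owns exactly one request token,
// so the token is lost when the session times out.
function createServer() {
  const sessions = new Map(); // sessionId -> token
  return {
    login() {
      const sessionId = nodeCrypto.randomBytes(16).toString('hex');
      const token = nodeCrypto.randomBytes(32).toString('hex');
      sessions.set(sessionId, token);
      return { sessionId, token };
    },
    expire(sessionId) { sessions.delete(sessionId); },
    call(sessionId, token) {
      const expected = sessions.get(sessionId);
      if (!expected) return { ok: false, error: 'session expired' };
      const a = Buffer.from(expected);
      const b = Buffer.from(String(token));
      const match = a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
      return match ? { ok: true } : { ok: false, error: 'invalid token' };
    },
  };
}

// Client: session id and token live in this closure, not in global scope.
function createClient(server) {
  let session = server.login();
  return {
    call: () => server.call(session.sessionId, session.token),
    expireSession: () => server.expire(session.sessionId),
    // Relogin without page reload. refreshToken=false models the reported
    // bug: the session is new, but the client still sends the old token.
    relogin(refreshToken) {
      const fresh = server.login();
      const token = refreshToken ? fresh.token : session.token;
      session = { sessionId: fresh.sessionId, token };
    },
  };
}

function demo() {
  const client = createClient(createServer());
  const before = client.call().ok;      // valid session and token
  client.expireSession();
  const expired = client.call().error;  // session timed out
  client.relogin(false);
  const stale = client.call().error;    // new session, old token
  client.relogin(true);
  const fixed = client.call().ok;       // regenerated token handed to client
  return { before, expired, stale, fixed };
}
```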