[TYPO3-core] RFC: 17305: Login/ Logout was not possible after introducing the locking in #17289
Ernesto Baschny [cron IT]
ernst at cron-it.de
Tue Jan 25 20:12:08 CET 2011
Helmut Hummel schrieb am 25.01.2011 17:57:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=17305
>
> Branches:
> Trunk
>
> Problem:
> The backend formprotection relies on the possibility to store the tokens
> in the user session. This is not the case, if a user did not yet login
> (the login screen). Since the login screen also uses the template object
> and the persistToken calls were moved to this place, we need do decide
> whether to validate and store tokens or not.
>
> Solution:
> Check if we have a valid BE_USER session and if not provide a dummy
> object, which implements the same interface.
>
> Sidenote:
> This also fixes #17183 partly by disabling the protection in frontend mode.
+1 by reading and testing, nice generic solution now. Thanks!
Committed to trunk, rev. 10306.
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list