[TYPO3-core] RFC #17378: The ExtDirect token needs to be regenerated after relogin by popup window (revisited)

Helmut Hummel helmut.hummel at typo3.org
Fri Jan 28 19:43:10 CET 2011


Hi Ernesto,

thanks for bringing this up again.

On 28.01.11 10:39, Ernesto Baschny [cron IT] wrote:
> 
> Solution:
> Persist the tokens created during the ajax relogin.

The persist is indeed necessary, so +1 by reading and testing for that.
Unfortunately this does not help if some ExtJs is in the content frame,
because only the token in the main window is refreshed.
Solution for this is to always use the token of the main window for
ExtJs calls (see attached patch).

It works, because the global "top" object is always there but is the same
as "windows" if no other top window exists.

Besides the problem with the content form, also the clear cache menu is
not working after the relogin, because it also contains tokens.

I try to come up with a solution for that, but I would say this should
go in another RFC.

Kind regards,
Helmut

-- 
Helmut Hummel
TYPO3 Security Team Leader

TYPO3 .... inspiring people to share!
Get involved: typo3.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17378_v2.diff
Type: text/x-patch
Size: 1449 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110128/bf4b1299/attachment.bin>
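
The stale-token problem and the "top" lookup described in the message above, as an added example that is not part of the original post or of the scrubbed patch. Plain objects stand in for browser windows, and the names extDirectToken, makeWindow, ownToken, mainWindowToken and relogin are hypothetical, not TYPO3's own identifiers.

```javascript
// Constructed model: plain objects stand in for browser windows.
// `extDirectToken` is a hypothetical property name, not TYPO3's real one.
function makeWindow(token, top) {
  const win = { extDirectToken: token };
  win.top = top || win; // with no parent, `top` is the window itself
  return win;
}

// Before: each frame sends the token it was loaded with.
function ownToken(win) {
  return win.extDirectToken;
}

// After: always read the token from the main (top) window.
function mainWindowToken(win) {
  try {
    const token = win.top.extDirectToken;
    if (typeof token === 'string' && token !== '') return token;
  } catch (e) {
    // Reading properties of a cross-origin top window throws in a real
    // browser; fall through to the frame's own token in that case.
  }
  return win.extDirectToken;
}

// The popup relogin refreshes the token in the main window only.
function relogin(mainWin, newToken) {
  mainWin.extDirectToken = newToken;
}

function demo() {
  const main = makeWindow('token-before-relogin');
  const contentFrame = makeWindow('token-before-relogin', main);
  relogin(main, 'token-after-relogin');
  return {
    frameOwn: ownToken(contentFrame),           // stale after relogin
    frameViaTop: mainWindowToken(contentFrame), // refreshed token
    mainViaTop: mainWindowToken(main),          // top === window here
  };
}

console.log(demo());
```

The server still has to accept the refreshed token, which is what persisting the tokens created during the ajax relogin provides.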

