[BUGFIX] Fix session update with backend "Stay logged in" button
For unknown reasons the /ajax/login/refresh route has never been used (all the way back to v6), to request a session timeout update. Instead the route /ajax/login/timedout, *without* the skipSessionUpdate=1 parameter has been used to refresh an existing session. With the introduction of configurable route parameters in #81409 this inconsistency wasn't noticed and the skipSessionUpdate parameter has been moved into the route-configuration, which meant /ajax/login/timedout was always called with skipSessionUpdate=1, even as result of the "Stay logged in" button, where a session update was intended. Use the dedicated /ajax/login/refresh route in order to actually refresh the session. Releases: main, 11.5, 10.4 Resolves: #96978 Related: #81409 Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73625 Tested-by:core-ci <typo3@b13.com> Tested-by:
Benjamin Franzke <bfr@qbus.de> Reviewed-by:
Showing
- Build/Sources/TypeScript/backend/Resources/Public/TypeScript/LoginRefresh.ts 5 additions, 1 deletion...cript/backend/Resources/Public/TypeScript/LoginRefresh.ts
- typo3/sysext/backend/Classes/Controller/AjaxLoginController.php 7 additions, 5 deletions...sysext/backend/Classes/Controller/AjaxLoginController.php
- typo3/sysext/backend/Resources/Public/JavaScript/LoginRefresh.js 1 addition, 1 deletion...ysext/backend/Resources/Public/JavaScript/LoginRefresh.js
Please register or sign in to comment