Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[BUGFIX] Fix session update with backend "Stay logged in" button
For unknown reasons the /ajax/login/refresh route has never been used (all the way back to v6), to request a session timeout update. Instead the route /ajax/login/timedout, *without* the skipSessionUpdate=1 parameter has been used to refresh an existing session. With the introduction of configurable route parameters in #81409 this inconsistency wasn't noticed and the skipSessionUpdate parameter has been moved into the route-configuration, which meant /ajax/login/timedout was always called with skipSessionUpdate=1, even as result of the "Stay logged in" button, where a session update was intended. Use the dedicated /ajax/login/refresh route in order to actually refresh the session. Releases: main, 11.5, 10.4 Resolves: #96978 Related: #81409 Change-Id: I6e7ac78fdfae49fa07ac6b75d64dd1c381ad7e2b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73624 Tested-by: Stefan Bürk <stefan@buerk.tech> Tested-by: core-ci <typo3@b13.com> Tested-by: Benjamin Franzke <bfr@qbus.de> Reviewed-by: Stefan Bürk <stefan@buerk.tech> Reviewed-by: Benjamin Franzke <bfr@qbus.de>
- Loading branch information