Request.Contao does not handle logout errors

[aschempp]

The BackendUser object will output javascript, if the authentication fails. But the Request.Contao does not handle that correctly if there is no JSON. The request should either detect the javascript, or the BackendUser object must return JSON with token.

--- Originally created on October 4th, 2011, at 10:15am (ID 3516)

[leofeyer]

This has nothing to do with the Request.Contao class or the contao.js script at all. The request token check simply blocks the request because there is no more session to validate it against. I don't know how to solve this best; maybe we have to send the JavaScript redirect upon the request token check.

--- Originally created on October 5th, 2011, at 04:07pm

[aschempp]

I'm not so sure, did you test the feedback? Example:

• Generate a backend site
• somehow the user session gets deleted/invalid
• Ajax request coming in. Tokens are still available in the session data
• Backend user check => tokens are invalidated and javascript code is returned
• From now on tokens are invalid for following requests, but the first request should get a redirect statement

--- Originally created on October 5th, 2011, at 04:27pm

[leofeyer]

Read again what you
2. The session gets deleted
3. Tokens are still available in the session data

Huh?

--- Originally created on October 5th, 2011, at 05:20pm

[aschempp]

Good question. Does the user login expire because the session is lost or for another reason (like IP validation)?

--- Originally created on October 5th, 2011, at 09:14pm

[leofeyer]

Fixed in ddb3a39. Had to change the API, so I moved the ticket to version 2.11.

--- Originally created on October 7th, 2011, at 04:19pm

[leofeyer]

--- Originally completed on October 7th, 2011, at 04:19pm