Feature #35965

Session shouldn't start automatically

Added by Peter Russ about 9 years ago. Updated about 9 years ago.

Status: Resolved
Priority: Should have
Category: Security
Start date: 2012-04-13
Due date:
% Done: 100%
Estimated time:
PHP Version:
Has patch: No
Complexity: easy

Description

By default session handling is started automatically. This isn't useful when it comes to server/server communication.
Places where it should be fixed:
TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager, line 130:
    * @FLOW3\Session(autoStart=true)
and
Package, lines 46/47:
    $dispatcher->connect('TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager', 'authenticatedToken', 'TYPO3\FLOW3\Session\SessionInterface', 'renewId');
    $dispatcher->connect('TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager', 'loggedOut', 'TYPO3\FLOW3\Session\SessionInterface', 'destroy');

#1

Updated by Andreas Förthner about 9 years ago

  • Project changed from TYPO3 Flow Base Distribution to TYPO3.Flow
#2

Updated by Andreas Förthner about 9 years ago

  • Category set to Security
  • Has patch set to No
  • Complexity set to easy
#3

Updated by Gerrit Code Review about 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10469

#4

Updated by Robert Lemke about 9 years ago

Just for the record: it's not correct that sessions are generally started automatically - the "autostart" feature exists exactly for having more control over that behavior. What's right though is that the authenticate() method is starting a session because I did not consider authentication mechanisms which don't need sessions.

#5

Updated by Gerrit Code Review about 9 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10469

#6

Updated by Gerrit Code Review about 9 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10469

#7

Updated by Andreas Förthner about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
