Session shouldn't start automatically
By default session handling is started automatically. This isn't useful when it comes to server/server communication.
Places where it should be fixed:
TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager line 130 * @FLOW3\Session(autoStart=true)
Package line 46/47
$dispatcher->connect('TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager', 'authenticatedToken', 'TYPO3\FLOW3\Session\SessionInterface', 'renewId');
$dispatcher->connect('TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager', 'loggedOut', 'TYPO3\FLOW3\Session\SessionInterface', 'destroy');
Updated by Robert Lemke over 9 years ago
Just for the record: it's not correct that sessions are generally started automatically - the "autostart" feature exists exactly for having more control over that behavior. What's right though is that the authenticate() method is starting a session because I did not consider authentication mechanisms which don't need sessions.