Bug #46428
Session is started on every request
100%
Related issues
Associated revisions
[FEATURE] Support for sessionless authentication
This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.
Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.
This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.
The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.
This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.
Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0
[FEATURE] Support for sessionless authentication
This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.
Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.
This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.
The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.
This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.
Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0
History
#1
Updated by Gerrit Code Review almost 7 years ago
Updated by - Status changed from Accepted to Under Review
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859
#2
Updated by Gerrit Code Review almost 7 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859
#3
Updated by Gerrit Code Review almost 7 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#4
Updated by Gerrit Code Review almost 7 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#5
Updated by Gerrit Code Review almost 7 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#6 Updated by Anonymous almost 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9feb5902e1c4ed1b32278b28b6edc0a41a6bb7b9.
#7
Updated by Gerrit Code Review almost 7 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19615
#8 Updated by Anonymous almost 7 years ago
- Status changed from Under Review to Resolved
Applied in changeset ff5de86a050865abee0fb5c860261c66710b74f5.