Bug #46428

Session is started on every request

Added by Karsten Dambekalns almost 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Should have
Category:
Session
Start date:
2013-03-19
Due date:
% Done:

100%

PHP Version:
Has patch:
No
Complexity:

Related issues

Related to TYPO3.Flow - Bug #44202: $session->start() initializes a new session and does not resume a current one Resolved 2012-12-22
Related to TYPO3.Flow - Bug #46703: Session has side effects in functional tests Resolved 2013-03-27

Associated revisions

Revision 9feb5902 (diff)
Added by Robert Lemke almost 7 years ago

[FEATURE] Support for sessionless authentication

This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.

Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.

This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.

The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.

This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.

Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0

Revision ff5de86a (diff)
Added by Robert Lemke almost 7 years ago

[FEATURE] Support for sessionless authentication

This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.

Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.

This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.

The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.

This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.

Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0

History

#1 Updated by Gerrit Code Review almost 7 years ago

  • Status changed from Accepted to Under Review

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859

#2 Updated by Gerrit Code Review almost 7 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859

#3 Updated by Gerrit Code Review almost 7 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#4 Updated by Gerrit Code Review almost 7 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#5 Updated by Gerrit Code Review almost 7 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#6 Updated by Anonymous almost 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#7 Updated by Gerrit Code Review almost 7 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19615

#8 Updated by Anonymous almost 7 years ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF