Bug #59365
Closed
Session Lifetime for FE-Users can not be less than 6000 secs
Description
Setting the session lifetime to a value less than 6000 secs has no effect, e.g.
$GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] = 1800;
results in the default lifetime of 6000 secs.
Reason for this is
\typo3\sysext\frontend\Classes\Authentication\FrontendUserAuthentication.php:171:
if (intval($this->auth_timeout_field) > 0 && intval($this->auth_timeout_field) < $this->lifetime) {
    // If server session timeout is non-zero but less than client session timeout: Copy this value instead.
    $this->auth_timeout_field = $this->lifetime;
}
and in __construct (line 144) is defined:
$this->auth_timeout_field = 6000;
Maybe the fix suggested in #14836 (adapted to the 6.1 sources) could be the right solution?
adding the following line in \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::initFEuser after line 912:
$this->fe_user->auth_timeout_field = intval($this->TYPO3_CONF_VARS['FE']['lifetime']);
This behaviour was found in TYPO3 6.1.7.
Best regards
Alexander
Updated by Alexander Opitz over 10 years ago
You assigned this issue to me, was this correct? I fixed the description of the issue.
Updated by Alexander Bohndorf over 10 years ago
- Assignee deleted (Alexander Opitz)
Updated by Mathias Schreiber almost 10 years ago
- Status changed from New to Resolved
fixed on master
Updated by Michael Hilgers over 8 years ago
Hi,
the problem seems not to be fixed for TYPO3 6.2.15. It is not possible to have a FE session lifetime shorter than 6000 seconds because this is hardcoded in the constructor of FrontendUserAuthentication
\typo3\sysext\frontend\Classes\Authentication\FrontendUserAuthentication.php:125:
$this->auth_timeout_field = 6000;
and enforced when the session is started in public function start():
\typo3\sysext\frontend\Classes\Authentication\FrontendUserAuthentication.php:178:
if ((int)$this->auth_timeout_field > 0 && (int)$this->auth_timeout_field < $this->lifetime) {
    // If server session timeout is non-zero but less than client session timeout: Copy this value instead.
    $this->auth_timeout_field = $this->lifetime;
}
So the setting in [FE][lifetime] does not have an effect if lower than 6000 (100 Minutes).
thx & br
Michi
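Both reports above describe the same clamp. The following stand-alone PHP model is an added example, not TYPO3 code and not written by either poster. It compares the reported behaviour with the line suggested in the description and shows the effect on an idle session. The function names, the simple idle check and the sample values are assumptions made for illustration.

```php
<?php
// Stand-alone model of the timeout resolution quoted in this issue.
// All function names are hypothetical; this is not TYPO3 code.

/**
 * Mirrors the check quoted from FrontendUserAuthentication::start():
 * a non-zero server timeout smaller than the client lifetime is raised to it.
 */
function resolveServerTimeout(int $authTimeoutField, int $lifetime): int
{
    if ($authTimeoutField > 0 && $authTimeoutField < $lifetime) {
        $authTimeoutField = $lifetime;
    }
    return $authTimeoutField;
}

/** Reported behaviour: the constructor default of 6000 is the starting value. */
function reportedTimeout(int $configuredLifetime): int
{
    return resolveServerTimeout(6000, $configuredLifetime);
}

/** With the suggested line: the starting value is taken from [FE][lifetime]. */
function suggestedTimeout(int $configuredLifetime): int
{
    return resolveServerTimeout($configuredLifetime, $configuredLifetime);
}

/** Assumed idle check: a positive timeout expires a session idle that long. */
function sessionAccepted(int $idleSeconds, int $timeout): bool
{
    return $timeout > 0 && $idleSeconds < $timeout;
}

// Constructed sample: a session that has been idle for 3000 seconds.
$idle = 3000;
foreach ([1800, 6000, 86400] as $lifetime) {
    printf(
        "lifetime=%5d reported=%5d (%s) suggested=%5d (%s)\n",
        $lifetime,
        reportedTimeout($lifetime),
        sessionAccepted($idle, reportedTimeout($lifetime)) ? 'accepted' : 'expired',
        suggestedTimeout($lifetime),
        sessionAccepted($idle, suggestedTimeout($lifetime)) ? 'accepted' : 'expired'
    );
}
```

With [FE][lifetime] set to 0, the suggested line would also set the server timeout to 0. The page does not state how a zero timeout is treated, so check that case before adopting the change.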