FrontendUserAuthentication timeout can't be less then 6000s
In FrontendUserAuthentication::start the $this->sessionTimeout will be set to $this->lifetime but only if $this->lifetime is higher then default of $this->sessionTimeout (which is 6000).
$this->lifetime gets filled in TypoScriptFrontendController::initFEuser() with the value of $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'];
I don't think, that this behavior is desired.
Session timeout longer than industry best practice
[FEATURE] Possibility to set sessionTimeout for Frontend Users
Currently it was only possible to set the session timeout for the backend users
You can define the sessionTimeout with the new configuration option
Reviewed-by: Markus Klein <firstname.lastname@example.org>
Tested-by: Markus Klein <email@example.com>
Tested-by: TYPO3com <firstname.lastname@example.org>
Reviewed-by: Benni Mack <email@example.com>
Tested-by: Benni Mack <firstname.lastname@example.org>
#5 Updated by Alexander Opitz almost 3 years ago
- TYPO3 Version changed from 6.2 to 3.5
The commit https://github.com/TYPO3/TYPO3.CMS/commit/385cacdfa7c81a9249ea7e458755942f1b96accb claimed to fix https://forge.typo3.org/issues/14971 (Mantis 1454) which also change file comments incorrectly.
That's why my patch fail.