FrontendUserAuthentication timeout can't be less than 6000s
In FrontendUserAuthentication::start the $this->sessionTimeout will be set to $this->lifetime, but only if $this->lifetime is higher than the default of $this->sessionTimeout (which is 6000).
$this->lifetime gets filled in TypoScriptFrontendController::initFEuser() with the value of $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'];
I don't think that this behavior is desired.
Session timeout longer than industry best practice
Updated by Alexander Opitz almost 5 years ago
- TYPO3 Version changed from 6.2 to 3.5
The commit https://github.com/TYPO3/TYPO3.CMS/commit/385cacdfa7c81a9249ea7e458755942f1b96accb claimed to fix https://forge.typo3.org/issues/14971 (Mantis 1454), which also changed file comments incorrectly.
That's why my patch fails.
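
The clamping described in the issue report above, as a simplified PHP model added here; it is not TYPO3's code and not part of the original issue. The function names, the `honouredTimeout` alternative, and the sample lifetime and idle values are assumptions for illustration.

```php
<?php
// Simplified model of the behaviour described in the report; not TYPO3 source code.
const DEFAULT_SESSION_TIMEOUT = 6000; // default value named in the report

// Reported behaviour: the configured lifetime replaces the default only when it is larger.
function reportedTimeout(int $lifetime): int
{
    $sessionTimeout = DEFAULT_SESSION_TIMEOUT;
    if ($lifetime > $sessionTimeout) {
        $sessionTimeout = $lifetime;
    }
    return $sessionTimeout;
}

// Hypothetical alternative: any positive configured lifetime is honoured as the timeout.
function honouredTimeout(int $lifetime): int
{
    return $lifetime > 0 ? $lifetime : DEFAULT_SESSION_TIMEOUT;
}

// A session is accepted while its idle time is below the timeout.
function isSessionValid(int $lastActivity, int $now, int $timeout): bool
{
    return ($now - $lastActivity) < $timeout;
}

// Constructed sample data: a session that has been idle for 3000 seconds.
$now = 100000;
$lastActivity = $now - 3000;

foreach ([600, 1800, 6000, 86400] as $lifetime) { // constructed config values
    $reported = reportedTimeout($lifetime);
    $honoured = honouredTimeout($lifetime);
    printf(
        "lifetime=%5d | reported: timeout=%5d accepted=%-3s | honoured: timeout=%5d accepted=%s\n",
        $lifetime,
        $reported,
        isSessionValid($lastActivity, $now, $reported) ? 'yes' : 'no',
        $honoured,
        isSessionValid($lastActivity, $now, $honoured) ? 'yes' : 'no'
    );
}
```

When auditing a site affected by this behaviour, any configured lifetime below 6000 is the case to look for: the idle session stays accepted under the reported logic although the configuration asked for a shorter window.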