Task #83212

Documentation for impacts with enabled honeypot and site caching

Added by Tobias Pfender over 1 year ago. Updated 11 months ago.

Status: Closed
Priority: Must have
Assignee: -
Category: Form Framework
Target version: -
Start date: 2017-12-03
Due date:
% Done: 100%
TYPO3 Version: 8
PHP Version: 7.0
Tags: Documentation
Complexity:
Sprint Focus: Remote Sprint

Description

\TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isUserOrGroupSet() checks if $GLOBALS['TSFE']->fe_user->user is an array, but this only works if no data is stored anywhere in the system with TYPO3 session handling.

$GLOBALS['TSFE']->fe_user->setKey();
$GLOBALS['TSFE']->fe_user->storeSessionData();

This stores some "ses_xx" keys in the $GLOBALS['TSFE']->fe_user->user array. I'm trying to use EXT:staticfilecache, which checks for a frontend user with this method, and it returns true on every page because ext:form stores some data in sessions. I'm pretty sure this is not a bug in EXT:staticfilecache.

I used a clean TYPO3 instance only with sysext, EXT:staticfilecache and a fluidtemplate to debug it.

TYPO3 8.7.8
PHP 7.0


Related issues

Related to TYPO3 Core - Epic #82340: EXT:form - improve documentation New 2017-09-07

Associated revisions

Revision d3cae300 (diff)
Added by Bjoern Jacob over 1 year ago

[TASK] Add clarification regarding honeypot and caching

This patch adds some documentation regarding the automatic
inclusion of the honeypot and (static) site caching.

Resolves: #83212
Releases: master, 8.7
Change-Id: I9e7b56a8e515172f6a91274512db13488b41eacb
Reviewed-on: https://review.typo3.org/56983
Reviewed-by: Susanne Moog <>
Tested-by: Susanne Moog <>
Tested-by: TYPO3com <>
Reviewed-by: Anja Leichsenring <>
Tested-by: Anja Leichsenring <>
Reviewed-by: Ralf Zimmermann <>
Tested-by: Ralf Zimmermann <>

Revision 84344b2b (diff)
Added by Bjoern Jacob over 1 year ago

[TASK] Add clarification regarding honeypot and caching

This patch adds some documentation regarding the automatic
inclusion of the honeypot and (static) site caching.

Resolves: #83212
Releases: master, 8.7
Change-Id: I9e7b56a8e515172f6a91274512db13488b41eacb
Reviewed-on: https://review.typo3.org/56988
Tested-by: TYPO3com <>
Reviewed-by: Ralf Zimmermann <>
Tested-by: Ralf Zimmermann <>

History

#1 Updated by Tobias Pfender over 1 year ago

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

#2 Updated by Benni Mack over 1 year ago

  • Category changed from Frontend to Form Framework

Tobias Pfender wrote:

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

The behaviour is correct; however, EXT:form is adding session data on a page with a form plugin, so this is a killer "out-of-the-core". The rest of the behaviour is correct - e.g. an extension adding shopping cart functionality that creates an (anonymous) session should never do static caching.

#3 Updated by Bjoern Jacob over 1 year ago

  • Sprint Focus set to Remote Sprint

#4 Updated by Ralf Zimmermann over 1 year ago

If you use the honeypot feature (enabled by default), some data will be stored within the session (this is the only place where EXT:form uses session data).
One solution could be to disable it.

Within your form definition:

type: Form
identifier: fooForm
label: 'foo'
renderingOptions:
  honeypot:
    enable: false
renderables:
  ...

or within your form setup:

TYPO3:
  CMS:
    Form:
      prototypes:
        standard:
          formElementsDefinition:
            Form:
              renderingOptions:
                honeypot:
                  enable: false

@bjacob We should add a note into the docs.
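
One way to check the effect discussed in this thread from the outside, as an added example that is not part of the issue or of TYPO3: the function below lists the reasons a shared or static cache must not store a response. The header samples are constructed, and `fe_typo_user` assumes the default frontend session cookie name.

```python
from email.parser import Parser

# Assumption: the site uses TYPO3's default frontend session cookie name.
FE_COOKIE = "fe_typo_user"
# Cache-Control directives that forbid storing the response in a shared cache.
BLOCKING = {"private", "no-store", "no-cache"}

# Constructed samples (not captured from a real site): a form page that
# started an anonymous session, and the same page rendered without one.
WITH_SESSION = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: fe_typo_user=0123456789abcdef; path=/; HttpOnly
Cache-Control: private
"""
WITHOUT_SESSION = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=3600
"""


def static_cache_blockers(raw_headers):
    """Return the reasons a shared/static cache must not store this response."""
    lines = raw_headers.strip().splitlines()
    status = lines[0].split()[1]  # "HTTP/1.1 200 OK" -> "200"
    headers = Parser().parsestr("\n".join(lines[1:]), headersonly=True)
    reasons = []
    if status != "200":
        reasons.append("status " + status)
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name == FE_COOKIE:
            reasons.append("starts a frontend session (" + name + ")")
    directives = {
        part.strip().split("=")[0].lower()
        for part in headers.get("Cache-Control", "").split(",")
        if part.strip()
    }
    blocking = sorted(directives & BLOCKING)
    if blocking:
        reasons.append("Cache-Control: " + ", ".join(blocking))
    return reasons


if __name__ == "__main__":
    for label, sample in (("with session", WITH_SESSION), ("without", WITHOUT_SESSION)):
        print(label, "->", static_cache_blockers(sample) or "cacheable")
```

To run it against a real page, pass in the header block printed by `curl -s -D - -o /dev/null <url>` for the form page, before and after changing the honeypot setting.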

#5 Updated by Ralf Zimmermann over 1 year ago

  • Tags set to Documentation

#6 Updated by Ralf Zimmermann over 1 year ago

  • Related to Epic #82340: EXT:form - improve documentation added

#7 Updated by Ralf Zimmermann over 1 year ago

  • Tracker changed from Bug to Task
  • Subject changed from TyposcriptFrontendController->isUserOrGroupSet() is using wrong condition to check if fe_user is logged in to Documentation for impacts with enabled honeypot and site caching

#8 Updated by Bjoern Jacob over 1 year ago

  • Sprint Focus changed from Remote Sprint to On Location Sprint

#9 Updated by Bjoern Jacob over 1 year ago

  • Sprint Focus changed from On Location Sprint to Remote Sprint

#10 Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#11 Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#12 Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#13 Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56988

#14 Updated by Bjoern Jacob over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#15 Updated by Benni Mack 11 months ago

  • Status changed from Resolved to Closed
