Task #83212

Documentation for impacts with enabled honeypot and site caching

Added by Tobias Pfender over 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: Form Framework
Target version: -
Start date: 2017-12-03
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 8
PHP Version: 7.0
Tags: Documentation
Complexity:
Sprint Focus: Remote Sprint

Description

\TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isUserOrGroupSet() checks if $GLOBALS['TSFE']->fe_user->user is an array, but this works only if no data is stored with TYPO3 session handling anywhere in the system.

$GLOBALS['TSFE']->fe_user->setKey();
$GLOBALS['TSFE']->fe_user->storeSessionData();

This stores some "ses_xx" keys in the $GLOBALS['TSFE']->fe_user->user array. I'm trying to use EXT:staticfilecache, which checks for a frontend user with this method, and it returns true on every page because EXT:form stores some data in sessions. I'm pretty sure this is not a bug in EXT:staticfilecache.

I used a clean TYPO3 instance only with sysext, EXT:staticfilecache and a fluidtemplate to debug it.

TYPO3 8.7.8
PHP 7.0


Related issues

Related to TYPO3 Core - Epic #82340: EXT:form - improve documentation (New, 2017-09-07)

#1

Updated by Tobias Pfender over 4 years ago

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

#2

Updated by Benni Mack over 4 years ago

  • Category changed from Frontend to Form Framework

Tobias Pfender wrote:

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

The behaviour is correct; however, EXT:form is adding session data on a page with a form plugin, so this is a killer "out-of-the-core". The rest of the behaviour is correct - e.g. an extension adding shopping cart functionality that creates an (anonymous) session should never do static caching.

#3

Updated by Bjoern Jacob over 4 years ago

  • Sprint Focus set to Remote Sprint
#4

Updated by Ralf Zimmermann over 4 years ago

If you use the honeypot feature (enabled by default), some data will be stored within the session (this is the only place where EXT:form uses session data).
One solution could be to disable it.

Within your form definition:

type: Form
identifier: fooForm
label: 'foo'
renderingOptions:
  honeypot:
    enable: false
renderables:
  ...

or within your form setup

TYPO3:
  CMS:
    Form:
      prototypes:
        standard:
          formElementsDefinition:
            Form:
              renderingOptions:
                honeypot:
                  enable: false

Bjoern Jacob: We should add a note to the docs.
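
One way to verify the effect of the honeypot setting from the outside (an added example, not part of the original thread or of TYPO3): audit the headers of an anonymous request to a form page. The helper names and both sample responses are constructed; it assumes `config.sendCacheHeaders = 1` and the default `fe_typo_user` session cookie name.

```python
# Added example: classify an anonymous page response by its cache headers.
# Both sample responses are constructed for illustration, not captured traffic.

SESSION_COOKIE = "fe_typo_user"  # TYPO3 default frontend session cookie name

def parse_headers(raw):
    """Return {lowercased name: [values]}; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Report whether a shared or static cache may store this response."""
    headers = parse_headers(raw)
    sets_session = any(
        cookie.split("=", 1)[0].strip() == SESSION_COOKIE
        for cookie in headers.get("set-cookie", [])
    )
    directives = {
        part.strip().lower().split("=", 1)[0]
        for value in headers.get("cache-control", [])
        for part in value.split(",") if part.strip()
    }
    blocked = directives & {"private", "no-store", "no-cache"}
    has_lifetime = bool(directives & {"max-age", "s-maxage"})
    return {
        "sets_session_cookie": sets_session,
        "shared_cacheable": has_lifetime and not blocked and not sets_session,
        "blocking_directives": sorted(blocked),
    }

# Constructed sample: form page with the honeypot enabled (session is created).
WITH_HONEYPOT = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: fe_typo_user=0123456789abcdef0123456789abcdef; path=/; HttpOnly
Cache-Control: private
"""

# Constructed sample: same page with renderingOptions.honeypot.enable: false.
WITHOUT_HONEYPOT = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=86400
Pragma: public
"""
```

A response that sets the session cookie must never be stored by a shared cache, so the audit treats the cookie alone as disqualifying even if a lifetime directive is present.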

#5

Updated by Ralf Zimmermann about 4 years ago

  • Tags set to Documentation
#6

Updated by Ralf Zimmermann about 4 years ago

  • Related to Epic #82340: EXT:form - improve documentation added
#7

Updated by Ralf Zimmermann about 4 years ago

  • Tracker changed from Bug to Task
  • Subject changed from TyposcriptFrontendController->isUserOrGroupSet() is using wrong condition to check if fe_user is logged in to Documentation for impacts with enabled honeypot and site caching
#8

Updated by Bjoern Jacob about 4 years ago

  • Sprint Focus changed from Remote Sprint to On Location Sprint
#9

Updated by Bjoern Jacob about 4 years ago

  • Sprint Focus changed from On Location Sprint to Remote Sprint
#10

Updated by Gerrit Code Review about 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#11

Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#12

Updated by Gerrit Code Review about 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

#13

Updated by Gerrit Code Review about 4 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56988

#14

Updated by Bjoern Jacob about 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#15

Updated by Benni Mack over 3 years ago

  • Status changed from Resolved to Closed
