Task #83212
Documentation for impacts with enabled honeypot and site caching
100%
Description
\TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isUserOrGroupSet() checks if $GLOBALS['TSFE']->fe_user->user is an array, but this works only if no data is stored anywhere in the system with TYPO3 session handling.
$GLOBALS['TSFE']->fe_user->setKey();
$GLOBALS['TSFE']->fe_user->storeSessionData();
This stores some "ses_xx" keys in the $GLOBALS['TSFE']->fe_user->user array. I'm trying to use EXT:staticfilecache, which checks for a frontend user with this method, and it returns true on every page, because EXT:form stores some data in sessions. I'm pretty sure this is not a bug in EXT:staticfilecache.
I used a clean TYPO3 instance with only sysext, EXT:staticfilecache and a fluidtemplate to debug it.
TYPO3 8.7.8
PHP 7.0
Related issues
Associated revisions
[TASK] Add clarification regarding honeypot and caching
This patch adds some documentation regarding the automatic
inclusion of the honeypot and (static) site caching.
Resolves: #83212
Releases: master, 8.7
Change-Id: I9e7b56a8e515172f6a91274512db13488b41eacb
Reviewed-on: https://review.typo3.org/56983
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
Tested-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
[TASK] Add clarification regarding honeypot and caching
This patch adds some documentation regarding the automatic
inclusion of the honeypot and (static) site caching.
Resolves: #83212
Releases: master, 8.7
Change-Id: I9e7b56a8e515172f6a91274512db13488b41eacb
Reviewed-on: https://review.typo3.org/56988
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
Tested-by: Ralf Zimmermann <ralf.zimmermann@tritum.de>
History
#1
Updated by Tobias Pfender about 2 years ago
This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()
#2
Updated by Benni Mack about 2 years ago
- Category changed from Frontend to Form Framework
Tobias Pfender wrote:
This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()
The behaviour is correct, however EXT:form is adding session data on a page with a form plugin, so this is a killer "out-of-the-core". The rest of the behaviour is correct - e.g. an extension adding shopping cart functionality that creates an (anonymous) session should never do static caching.
#3
Updated by Bjoern Jacob almost 2 years ago
- Sprint Focus set to Remote Sprint
#4
Updated by Ralf Zimmermann almost 2 years ago
If you use the honeypot feature (enabled by default), some data will be stored within the session (this is the only place where EXT:form uses session data).
One solution could be to disable it.
Within your form definition:
type: Form
identifier: fooForm
label: 'foo'
renderingOptions:
  honeypot:
    enable: false
renderables:
  ...
or within your form setup:
TYPO3:
  CMS:
    Form:
      prototypes:
        standard:
          formElementsDefinition:
            Form:
              renderingOptions:
                honeypot:
                  enable: false
@bjacob We should add a note into the docs.
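A response-header check for verifying the effect of the honeypot setting discussed above, as an added example that is not part of the original comment or of TYPO3's code. It assumes the default frontend session cookie name fe_typo_user; the function name audit_headers and both sample responses are constructed for illustration.

```python
from email.parser import Parser

# Assumption: the TYPO3 default frontend session cookie name is in use.
SESSION_COOKIE = "fe_typo_user"
# Cache-Control directives that keep a response out of a shared/static cache.
UNCACHEABLE = {"private", "no-store", "no-cache"}

# Constructed sample: form page with the honeypot enabled (session is started).
HONEYPOT_ON = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Set-Cookie: fe_typo_user=0123456789abcdef; path=/; HttpOnly\n"
    "Cache-Control: private\n\n"
)
# Constructed sample: same page after setting honeypot.enable to false.
HONEYPOT_OFF = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Cache-Control: max-age=86400\n"
    'ETag: "abc123"\n\n'
)


def audit_headers(raw_response_head):
    """Return the reasons a response cannot be served from a static cache."""
    _status, _, header_block = raw_response_head.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    reasons = []
    # A session cookie on an anonymous request means session data was stored.
    for cookie in msg.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name == SESSION_COOKIE:
            reasons.append("sets session cookie " + name)
    # Collect directive names across all Cache-Control headers.
    directives = set()
    for value in msg.get_all("Cache-Control", []):
        for part in value.split(","):
            if part.strip():
                directives.add(part.strip().split("=")[0].lower())
    for directive in sorted(directives & UNCACHEABLE):
        reasons.append("Cache-Control: " + directive)
    return reasons


if __name__ == "__main__":
    for label, head in (("honeypot on", HONEYPOT_ON), ("honeypot off", HONEYPOT_OFF)):
        print(label, "->", audit_headers(head) or "cacheable")
```

Feed it the response head of an anonymous request to each page that carries a form; an empty list means nothing in the headers blocks static caching.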
#5
Updated by Ralf Zimmermann over 1 year ago
- Tags set to Documentation
#6
Updated by Ralf Zimmermann over 1 year ago
- Related to Epic #82340: EXT:form - improve documentation added
#7
Updated by Ralf Zimmermann over 1 year ago
- Tracker changed from Bug to Task
- Subject changed from TyposcriptFrontendController->isUserOrGroupSet() is using wrong condition to check if fe_user is logged in to Documentation for impacts with enabled honeypot and site caching
#8
Updated by Bjoern Jacob over 1 year ago
- Sprint Focus changed from Remote Sprint to On Location Sprint
#9
Updated by Bjoern Jacob over 1 year ago
- Sprint Focus changed from On Location Sprint to Remote Sprint
#10
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983
#11
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983
#12
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983
#13
Updated by Gerrit Code Review over 1 year ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56988
#14
Updated by Bjoern Jacob over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset d3cae300dd5e9842dfec89e75f64241e5873d1d4.
#15
Updated by Benni Mack about 1 year ago
- Status changed from Resolved to Closed