Task #83212

closed

Documentation for impacts with enabled honeypot and site caching

Added by Tobias Pfender almost 7 years ago. Updated about 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: Form Framework
Target version: -
Start date: 2017-12-03
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 8
PHP Version: 7.0
Tags: Documentation
Complexity:
Sprint Focus: Remote Sprint

Description

\TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isUserOrGroupSet() checks if $GLOBALS['TSFE']->fe_user->user is an array, but this works only if no data is stored with TYPO3 session handling anywhere in the system.

$GLOBALS['TSFE']->fe_user->setKey();
$GLOBALS['TSFE']->fe_user->storeSessionData();

This stores some "ses_xx" keys in the $GLOBALS['TSFE']->fe_user->user array. I'm trying to use EXT:staticfilecache, which checks for a frontend user with this method, and it returns true on every page because EXT:form stores some data in sessions. I'm pretty sure this is not a bug in EXT:staticfilecache.

I used a clean TYPO3 instance only with sysext, EXT:staticfilecache and a fluidtemplate to debug it.

TYPO3 8.7.8
PHP 7.0


Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Epic #82340: EXT:form - improve documentation (Closed, 2017-09-07)

Actions #1

Updated by Tobias Pfender almost 7 years ago

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

Actions #2

Updated by Benni Mack almost 7 years ago

  • Category changed from Frontend to Form Framework

Tobias Pfender wrote:

This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()

The behaviour is correct; however, EXT:form is adding session data on a page with a form plugin, so this is a killer "out-of-the-core". The rest of the behaviour is correct - e.g. an extension adding shopping cart functionality that creates an (anonymous) session should never do static caching.

Actions #3

Updated by Björn Jacob almost 7 years ago

  • Sprint Focus set to Remote Sprint
Actions #4

Updated by Ralf Zimmermann almost 7 years ago

If you use the honeypot feature (enabled by default), some data will be stored within the session (this is the only place where EXT:form uses session data).
One solution could be to disable it.

Within your form definition:

type: Form
identifier: fooForm
label: 'foo'
renderingOptions:
  honeypot:
    enable: false
renderables:
  ...

or within your form setup

TYPO3:
  CMS:
    Form:
      prototypes:
        standard:
          formElementsDefinition:
            Form:
              renderingOptions:
                honeypot:
                  enable: false

@Björn Jacob We should add a note into the docs.

Actions #5

Updated by Ralf Zimmermann over 6 years ago

  • Tags set to Documentation
Actions #6

Updated by Ralf Zimmermann over 6 years ago

  • Related to Epic #82340: EXT:form - improve documentation added
Actions #7

Updated by Ralf Zimmermann over 6 years ago

  • Tracker changed from Bug to Task
  • Subject changed from TyposcriptFrontendController->isUserOrGroupSet() is using wrong condition to check if fe_user is logged in to Documentation for impacts with enabled honeypot and site caching
Actions #8

Updated by Björn Jacob over 6 years ago

  • Sprint Focus changed from Remote Sprint to On Location Sprint
Actions #9

Updated by Björn Jacob over 6 years ago

  • Sprint Focus changed from On Location Sprint to Remote Sprint
Actions #10

Updated by Gerrit Code Review over 6 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

Actions #11

Updated by Gerrit Code Review over 6 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

Actions #12

Updated by Gerrit Code Review over 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56983

Actions #13

Updated by Gerrit Code Review over 6 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56988

Actions #14

Updated by Björn Jacob over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #15

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed