Task #83212
closed
Documentation for impacts with enabled honeypot and site caching
Added by Tobias Pfender over 6 years ago.
Updated over 5 years ago.
Sprint Focus:
Remote Sprint
Description
\TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isUserOrGroupSet() checks if $GLOBALS['TSFE']->fe_user->user is an array, but this works only if no data is stored anywhere in the system with TYPO3 session handling.
$GLOBALS['TSFE']->fe_user->setKey();
$GLOBALS['TSFE']->fe_user->storeSessionData();
This stores some "ses_xx" keys in the $GLOBALS['TSFE']->fe_user->user array. I'm trying to use EXT:staticfilecache, which checks for a frontend user with this method, and it returns true on every page because EXT:form stores some data in sessions. I'm pretty sure this is not a bug in EXT:staticfilecache.
I used a clean TYPO3 instance only with sysext, EXT:staticfilecache and a fluidtemplate to debug it.
TYPO3 8.7.8
PHP 7.0
This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()
- Category changed from Frontend to Form Framework
Tobias Pfender wrote:
This also affects \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->isStaticCacheble() and \TYPO3\CMS\Frontend\Controller\TyposcriptFrontendController->sendCacheHeaders()
The behaviour is correct; however, EXT:form is adding session data on a page with a form plugin, so this is a killer "out-of-the-core". The rest of the behaviour is correct - e.g. an extension adding shopping cart functionality that creates an (anonymous) session should never do static caching.
- Sprint Focus set to Remote Sprint
If you use the honeypot feature (enabled by default), some data will be stored within the session (this is the only place where EXT:form uses session data).
One solution could be to disable it.
Within your form definition:
type: Form
identifier: fooForm
label: 'foo'
renderingOptions:
  honeypot:
    enable: false
renderables:
  ...
or within your form setup:
TYPO3:
  CMS:
    Form:
      prototypes:
        standard:
          formElementsDefinition:
            Form:
              renderingOptions:
                honeypot:
                  enable: false
@Björn Jacob We should add a note into the docs.
- Tags set to Documentation
- Related to Epic #82340: EXT:form - improve documentation added
- Tracker changed from Bug to Task
- Subject changed from TyposcriptFrontendController->isUserOrGroupSet() is using wrong condition to check if fe_user is logged in to Documentation for impacts with enabled honeypot and site caching
- Sprint Focus changed from Remote Sprint to On Location Sprint
- Sprint Focus changed from On Location Sprint to Remote Sprint
- Status changed from New to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
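A check for the effect discussed in this issue, as an added example that is not TYPO3 or EXT:staticfilecache code: it reads the response headers of a form page and lists the reasons a static cache has to skip it. The cookie name fe_typo_user (the default frontend session cookie) and both header samples are assumptions constructed for the example.

```python
# Added example, not TYPO3 or EXT:staticfilecache code.
# Assumptions: the frontend session cookie uses the default name
# "fe_typo_user"; both header samples below are constructed.

SESSION_COOKIE = "fe_typo_user"
BLOCKING = {"private", "no-store", "no-cache"}

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw header block."""
    pairs = []
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue  # status line or malformed line
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def cache_findings(raw, cookie=SESSION_COOKIE):
    """List the reasons a static or shared cache must not store this response."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "set-cookie" and value.split("=", 1)[0].strip() == cookie:
            findings.append("session cookie " + cookie + " is set")
        elif name == "cache-control":
            for directive in value.lower().split(","):
                key, _, arg = directive.strip().partition("=")
                if key in BLOCKING or (key == "max-age" and arg.strip('"') == "0"):
                    findings.append("Cache-Control: " + directive.strip())
    return findings

# Constructed sample: form page whose rendering started an anonymous session.
HONEYPOT_ON = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: fe_typo_user=0123456789abcdef0123456789abcdef; path=/; HttpOnly
Cache-Control: private
"""

# Constructed sample: same page with no session data stored.
HONEYPOT_OFF = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=86400
Pragma: public
"""

if __name__ == "__main__":
    for label, raw in (("honeypot enabled", HONEYPOT_ON), ("honeypot disabled", HONEYPOT_OFF)):
        found = cache_findings(raw)
        print(label + ":", "not cacheable (" + "; ".join(found) + ")" if found else "cacheable")
```
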