Task #88458

Remove Frontend Track User functionality

Added by Benni Mack 4 months ago. Updated 2 months ago.

Status:
Under Review
Priority:
Should have
Assignee:
Category:
Frontend
Start date:
2019-05-29
Due date:
% Done:

100%

TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

The FTU functionality (created before 2003) was used to handle sessions without cookies. This has been superseded by new technologies which do not expose the Session ID as easy as ftu.

Associated revisions

Revision 8300dd31 (diff)
Added by Benni Mack 4 months ago

[!!!][TASK] Remove Frontend Track User functionality

The functionality "ftu" ("Frontend Track User"), which allows
to send the session through GET parameter within the site
has been removed.

It was used to hand in a session via `config.ftu = 1` and
the GET parameter "ftu=a-32-character-string", which then
started a session which was added to any link generated.

This way, sessions could have been transferred across
domains but only if cookies would not be activated by
the browser, which is unreliable.

In order to pave the way to modern standards (OTP
or JWT), this functionality is removed, as the ftu functionality
has some flaws, conceptually and security wise.

Removed public properties
  • AbstractUserAuthentication->get_name
  • AbstractUserAuthentication->getFallBack
  • AbstractUserAuthentication->getMethodEnabled
  • AbstractUserAuthentication->get_URL_ID
  • TypoScriptFrontendController->getMethodUrlIdToken
Removed TypoScript:
  • config.ftu = 1
Removed TYPO3_CONF_VARS
  • $TYPO3_CONF_VARS[FE][get_url_id_token]

GET Parameter "ftu" has no special meaning anymore.

Resolves: #88458
Releases: master
Change-Id: I664be44228b2180909f6abfda8acfcd5fe36aa5a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840
Tested-by: Markus Klein <>
Tested-by: TYPO3com <>
Tested-by: Andreas Fernandez <>
Reviewed-by: Markus Klein <>
Reviewed-by: Andreas Fernandez <>

History

#1 Updated by Gerrit Code Review 4 months ago

  • Status changed from New to Under Review

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840

#2 Updated by Gerrit Code Review 4 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840

#3 Updated by Benni Mack 4 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#4 Updated by Gerrit Code Review 2 months ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61321

#5 Updated by Gerrit Code Review 2 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61156

#6 Updated by Gerrit Code Review 2 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61156

#7 Updated by Gerrit Code Review 2 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61156

Also available in: Atom PDF