Bug #9532

FLOW3 loses session data / tokens if scope session is used elsewhere

Added by Robert Lemke over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Must have
Category: Session
Start date: 2010-08-31
% Done: 100%

Description

In the TYPO3 package I started implementing a TYPO3-specific session class:

/**
 * A TYPO3 Session
 *
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
 * @scope session
 */
class Session {

    /**
     * @var \F3\PHPCR\SessionInterface
     */
    protected $contentRepositorySession;

    /**
     * Constructs the TYPO3 Session.
     *
     * This logs in at the Content Repository with the currently logged in
     * TYPO3 user and attaches the CR's session to this TYPO3 session.
     *
     * @param \F3\PHPCR\RepositoryInterface $contentRepository
     * @param \F3\FLOW3\Security\Context $securityContext
     * @author Robert Lemke <robert@typo3.org>
     */
    public function __construct(\F3\PHPCR\RepositoryInterface $contentRepository, \F3\FLOW3\Security\Context $securityContext) {
        $account = $securityContext->getAccount();
        $workspaceName = ($account !== NULL) ? 'user-' . $account->getAccountIdentifier() : 'live';
        $this->contentRepositorySession = $contentRepository->login(NULL, $workspaceName);
    }

    /**
     * Returns the current content repository session, if any
     *
     * @return \F3\PHPCR\SessionInterface
     * @author Robert Lemke <robert@typo3.org>
     */
    public function getContentRepositorySession() {
        return $this->contentRepositorySession;
    }
}

So, essentially TYPO3 Session objects contain a reference to a CR session (which is of scope prototype) and some other objects attached to that session.

Now, when I log in to the TYPO3 backend and then afterwards call a controller (in this case a Node service controller) which accesses this TYPO3 session, I lose the UsernamePassword token and therefore need to authenticate again. When I disable the @scope session of the TYPO3 Session class, I don't have to re-authenticate.

#1

Updated by Robert Lemke over 10 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100
