Task #94243
Updated by Oliver Hader almost 2 years ago
Several performance analysis showed that @AbstractUserAuthentication@ takes a reasonable amount of processing time (~ 5-10% of total), even if a session ID are not given or invalid. In order to reduce database invocations for invalid sessions, a corresponding HMAC signature is added to HTTP cookie values.
h3. Additional aspects
* requires change in testing-framework (probably use @UserSession->getCookieValue()@), see https://github.com/TYPO3/testing-framework/blob/d74a027a186d62e6218b8e29328449d9b97e259f/Classes/Core/Functional/FunctionalTestCase.php#L425
h3. Next steps (out of scope for this issue)
* try avoid loading AbstractUserAuthentication in general
** probably check cookie signature in middleware already
** separate authentication into session-cookie vs. login-process