« Previous | Next » 

Revision 7d79b800


Added by Bastian Waidelich over 8 years ago

[!!!][FEATURE] Support for "sessionless authentication"

This feature enables authentication without the need of a session to be started.
This is useful for stateless services (e.g. REST) where you don't want Flow to create
a session cookie.

This is a breaking change if you created a custom authentication provider or -token
and relied on the fact that AuthenticationProvider::authenticate() started a session.
With this change the session is started when AuthenticationToken::updateCredentials() is
called. This way the token can decide if it needs a session.
Just add a @Flow\Session(autoStart=true) to the updateCredentials() method if your custom
token relies on a session.

Change-Id: I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369
Resolves: #45282
Releases: master, 2.0

  • added
  • modified
  • copied
  • renamed
  • deleted