
Revision ff5de86a


Added by Robert Lemke almost 9 years ago

[FEATURE] Support for sessionless authentication

This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.

Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.

This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.

The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.

This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency

Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0
