Bug #46428
Session is started on every request
| Status: | Resolved | Start date: | 2013-03-19 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Bastian Waidelich | % Done: | 100% |
|
| Category: | Session | |||
| Target version: | TYPO3 Flow Base Distribution - 2.0 | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | Affected Flow version: | Git 2.0 |
Related issues
Associated revisions
[FEATURE] Support for sessionless authentication
This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.
Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.
This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.
The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.
This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.
Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0
[FEATURE] Support for sessionless authentication
This feature enables authentication without the need of a session to
be started. This is useful for stateless services (e.g. REST) where
you don't want Flow to create a session cookie.
Authentication tokens which don't rely on a session simply implement
the SessionlessTokenInterface marker interface.
This patch reverts parts of the first implementation of sessionless
authentication introduced in https://review.typo3.org/#/c/18388
(commit I5f86cb7a3a3fff3220d61d705f216e1b1d4f2369).
The original implementation was a breaking change with a few
unresolved side effects.
The implementation contained in this change set is backwards
compatible with already existing authentication tokens which
relied on sessions.
This patch also contains a small speed optimization for the CSRF
Protection pattern which assumes that no account has been
authenticated yet if the Authentication Manager is still a Dependency
Proxy.
Change-Id: Iccd2b8fde6a5f37d3d434c959705a85cdcda4b11
Resolves: #45282
Resolves: #46428
Releases: master, 2.0
History
#1 Updated by Gerrit Code Review over 2 years ago
- Status changed from Accepted to Under Review
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859
#2 Updated by Gerrit Code Review over 2 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18859
#3 Updated by Gerrit Code Review over 2 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#4 Updated by Gerrit Code Review over 2 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#5 Updated by Gerrit Code Review over 2 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340
#6 Updated by Anonymous over 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9feb5902e1c4ed1b32278b28b6edc0a41a6bb7b9.
#7 Updated by Gerrit Code Review over 2 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19615
#8 Updated by Anonymous over 2 years ago
- Status changed from Under Review to Resolved
Applied in changeset ff5de86a050865abee0fb5c860261c66710b74f5.