[TASK] Avoid starting superfluous PHP session 73/60173/7
authorOliver Hader <oliver@typo3.org>
Mon, 11 Mar 2019 23:33:37 +0000 (00:33 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 31 Dec 2019 09:56:44 +0000 (10:56 +0100)
TYPO3 backend does not need PHP session handling since
it has its own session handling implementation.

Resolves: #90024
Releases: master
Change-Id: I9d8ccaf38c62b86d3b6945b2c631a2602b4aa73f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60173
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/Controller/LoginController.php

index 39566ec..923ee81 100644 (file)
@@ -163,8 +163,6 @@ class LoginController implements LoggerAwareInterface
         $queryParams = $request->getQueryParams();
         $this->validateAndSortLoginProviders();
 
-        // We need a PHP session session for most login levels
-        session_start();
         $this->redirectUrl = GeneralUtility::sanitizeLocalUrl($parsedBody['redirect_url'] ?? $queryParams['redirect_url'] ?? null);
         $this->loginProviderIdentifier = $this->detectLoginProvider($request);
 
@@ -351,11 +349,7 @@ class LoginController implements LoggerAwareInterface
          */
         if (!isset($_COOKIE[BackendUserAuthentication::getCookieName()])) {
             if ($this->submitValue === 'setCookie') {
-                /*
-                 * we tried it a second time but still no cookie
-                 * 26/4 2005: This does not work anymore, because the saving of challenge values
-                 * in $_SESSION means the system will act as if the password was wrong.
-                 */
+                // we tried it a second time but still no cookie
                 throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3. ' .
                     'Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
             }