Deprecation-93023-ReworkedSessionHandling.rst 2.31 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
.. include:: ../../Includes.txt

.. _changelog-Deprecation-93023-ReworkedSessionHandling:

===============================================
Deprecation: #93023 - Reworked session handling
===============================================

See :issue:`93023`

Description
===========

As described in :ref:`changelog-Breaking-93023-ReworkedSessionHandling`
the whole session handling in the TYPO3 Core was reworked by moving it
out of the user authentication classes.

Therefore some properties and methods within :php:`AbstractUserAuthentication`
and its subclasses have been marked as deprecated:

21
22
*  :php:`TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->createSessionId()`
*  :php:`TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->fetchUserSession()`
23
24
25
26
27
28


Impact
======

Accessing :php:`id` or calling :php:`isExistingSessionRecord()`
29
respectively :php:`getSessionId()` will trigger a PHP :php:`E_USER_DEPRECATED` error.
30
31

Calling :php:`createSessionId()` or :php:`fetchUserSession()` will not
32
trigger a PHP :php:`E_USER_DEPRECATED` error but will still be reported by the extension
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
scanner.


Affected Installations
======================

All TYPO3 installations with custom extensions directly accessing or calling
the deprecated properties or methods.


Migration
=========

Creating a new session is now handled by the :php:`UserSessionManager`.
Therefore the identifier is set internally on creation of a new session
and should not longer be called directly. Use e.g.
:php:`UserSessionManager->createAnonymousSession()` or
:php:`UserSessionManager->regenerateSession()` to create a new session
and then access :php:`UserSession->getIdentifier()`.

Use :php:`UserSessionManager->isSessionPersisted()` instead of
:php:`isExistingSessionRecord()` to check if a session is already persisted.

Use the :php:`UserSessionManager` to create a new session and then directly
access the :php:`UserSession` instead of calling :php:`fetchUserSession()`.

Use :php:`UserSession->getIdentifier()` instead of :php:`getSessionId()`. To
access this information from an user authentication object, call
:php:`$userAuthentication->getSession()->getIdentifier()`.

Related
=======

66
67
68
*  :ref:`changelog-Breaking-93023-ReworkedSessionHandling`
*  :ref:`changelog-Feature-93023-IntroduceUserSessionAndUserSessionManager`

69
70

.. index:: PHP-API, FullyScanned, ext:core