Skip to content
  • Benni Mack's avatar
    [!!!][FEATURE] Refactored Session Handling · 733353c1
    Benni Mack authored
    The AbstractUserAuthentication class handles way too much
    of what it should know / do.
    
    For this reason, a new UserSession object which contains
    basic information needed for everything belonging to a non-fixated
    session, a fixated anonymous session, if a session was evelated,
    or if a session has expired, is kept in there.
    The "SessionManager" should not be used anymore publically
    but slowly dissolve into a SessionBackendManager.
    
    Design goals:
    * UserAuth object should not know about session backends
    * UserAuth should not store sessionData etc. directly in its own object
    * Decouple UserSession info from any properties of UserAuth
    * A UserSessionManager deals with the creation and validation of the UserSession objects. No Session Objects can be created etc outside
    of this class to maintain persistability
    * UserSessionManager also encapsulates ipLocking and the responsible SessionBackend
    
    Final goals to be tackled later:
    * Build a user session object from the request object, and not within the UserAuth object
    * Session Handling can be accessed outside of UserAuth
    * Cookie Handling and Session Handling are separated from UserAuth
    * Load Session information from PSR-7 request instead of $_COOKIE
    
    Resolves: #93023
    Releases: master
    Change-Id: Ia2d8244e433d0f6adf220d443b2c0947f251b5e9
    Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66935
    
    
    Tested-by: default avatarTYPO3com <noreply@typo3.com>
    Tested-by: default avatarOliver Bartsch <bo@cedev.de>
    Tested-by: default avatarChristian Kuhn <lolli@schwarzbu.ch>
    Tested-by: default avatarBenni Mack <benni@typo3.org>
    Reviewed-by: default avatarOliver Bartsch <bo@cedev.de>
    Reviewed-by: default avatarChristian Kuhn <lolli@schwarzbu.ch>
    Reviewed-by: default avatarBenni Mack <benni@typo3.org>
    733353c1