-
The functionality "ftu" ("Frontend Track User"), which allows to send the session through GET parameter within the site has been removed. It was used to hand in a session via `config.ftu = 1` and the GET parameter "ftu=a-32-character-string", which then started a session which was added to any link generated. This way, sessions could _have_ been transferred across domains but only if cookies would not be activated by the browser, which is unreliable. In order to pave the way to modern standards (OTP or JWT), this functionality is removed, as the ftu functionality has some flaws, conceptually and security wise. Removed public properties * AbstractUserAuthentication->get_name * AbstractUserAuthentication->getFallBack * AbstractUserAuthentication->getMethodEnabled * AbstractUserAuthentication->get_URL_ID * TypoScriptFrontendController->getMethodUrlIdToken Removed TypoScript: * config.ftu = 1 Removed TYPO3_CONF_VARS * $TYPO3_CONF_VARS[FE][get_url_id_token] GET Parameter "ftu" has no special meaning anymore. Resolves: #88458 Releases: master Change-Id: I664be44228b2180909f6abfda8acfcd5fe36aa5a Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60840 Tested-by:Markus Klein <markus.klein@typo3.org> Tested-by:
TYPO3com <noreply@typo3.com> Tested-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
8300dd31
