Commit 2f129cb1 authored by Benni Mack's avatar Benni Mack Committed by Benjamin Franzke

[!!!][TASK] Remove forceSetCookie from AbstractUserAuthentication

The option "forceSetCookie", previously used
for lifetime, is only set in FrontendUserAuthentication,
and is moved to that subclass as a protected property,
making the dependencies between the parent class and the main class
cleaner.

Resolves: #93073
Releases: master
Change-Id: Ia711b2a0eb7b03ec1b352b0fd498d296a44df101
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67086

Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
Tested-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
Reviewed-by: Benjamin Franzke's avatarBenjamin Franzke <bfr@qbus.de>
parent 9611466b
...@@ -181,13 +181,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface ...@@ -181,13 +181,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
public $user; public $user;
/** /**
* Will force the session cookie to be set every time (lifetime must be 0) * Will prevent the setting of the session cookie
* @var bool
*/
public $forceSetCookie = false;
/**
* Will prevent the setting of the session cookie (takes precedence over forceSetCookie)
* @var bool * @var bool
*/ */
public $dontSetCookie = false; public $dontSetCookie = false;
...@@ -379,7 +373,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface ...@@ -379,7 +373,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
*/ */
public function isSetSessionCookie() public function isSetSessionCookie()
{ {
return ($this->userSession->isNew() || $this->forceSetCookie) && $this->lifetime === 0; return $this->userSession->isNew() && $this->lifetime === 0;
} }
/** /**
......
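Review bot: The second hunk makes `isSetSessionCookie()` ignore `forceSetCookie` entirely, but nothing tells subclass authors that this hook is gone. A third-party subclass that still assigns `$this->forceSetCookie = true` would, as far as this hunk shows, be silently ignored, and its session cookie would no longer be re-sent for an existing session. Because this method decides when the session cookie is emitted, I would state the contract in its docblock (which starts above the hunk), for example `* Subclasses that need to re-send the cookie for an existing session must override this method.` The method body is fully visible here; the rest of the class is not.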
.. include:: ../../Includes.txt
=====================================================================
Breaking: #93073 - AbstractUserAuthentication->forceSetCookie removed
=====================================================================
See :issue:`93073`
Description
===========
The public property `forceSetCookie`
is removed from the PHP class `AbstractUserAuthentication`.
This property served to ensure that a cookie should be added
at any times, which is useful for time-based cookies, which only
happen in Frontend user sessions. This property is now moved as a protected
property into the FrontendUserAuthentication class and used in this class
solely to reduce the complexity of the internal logic as well as outside API.
Impact
======
Setting this property has no effect anymore, setting this property on a Frontend User object will trigger a PHP warning.
Affected Installations
======================
TYPO3 installations with third-party extensions and special cookie handling, which is very unlikely.
Migration
=========
If custom functionality for setting cookies is needed, it is highly
recommended to send cookies manually via a PSR-15 middleware.
.. index:: Backend, Frontend, PHP-API, FullyScanned, ext:core
...@@ -151,6 +151,12 @@ class FrontendUserAuthentication extends AbstractUserAuthentication ...@@ -151,6 +151,12 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
*/ */
protected $loginHidden = false; protected $loginHidden = false;
/**
* Will force the session cookie to be set every time (lifetime must be 0).
* @var bool
*/
protected $forceSetCookie = false;
/** /**
* Will prevent the setting of the session cookie (takes precedence over forceSetCookie) * Will prevent the setting of the session cookie (takes precedence over forceSetCookie)
* Disable cookie by default, will be activated if saveSessionData() is called, * Disable cookie by default, will be activated if saveSessionData() is called,
......
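Review bot: The new `protected $forceSetCookie` is only declared in the visible part of this section; no line shown reads it, and the parent's `isSetSessionCookie()` stopped reading it in this same commit. The frontend keeps its previous cookie behaviour only if this class overrides that method and checks the property there. The collapsed remainder of the section does not show such an override, so it is worth confirming with a functional test for a session that is not new. Separately, an outside write such as `$feUser->forceSetCookie = true` should now fail with `Error: Cannot access protected property` rather than the PHP warning the changelog entry describes (assuming the class has no magic `__set`). Adding `@internal` to the docblock would make the intent explicit.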
...@@ -795,4 +795,9 @@ return [ ...@@ -795,4 +795,9 @@ return [
'Breaking-93062-VariousGroup-relatedPublicPropertiesInBE_USERRemoved.rst', 'Breaking-93062-VariousGroup-relatedPublicPropertiesInBE_USERRemoved.rst',
], ],
], ],
'TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->forceSetCookie' => [
'restFiles' => [
'Breaking-93073-AbstractUserAuthentication-forceSetCookieRemoved.rst',
],
],
]; ];