[TYPO3-dev] Tangled-up user authentication -> Fixing extension attached

Ingo Renner ingo at typo3.org
Thu May 7 22:38:59 CEST 2009


Christopher Lörken wrote:

Hi Christopher,

> The effective reduced workload is:
> Guest users: 1 DB call instead of 7
> Authenticated users: 2-3 calls instead of 6-8 (depending on timestamp
> updates)
>
> I've added config flags for disabling fe_session_data and (@Krystian)
> even the whole authentication procedure. Of course, both authentication
> and access on fe_session_data are enabled by default.

Sounds great!


> I'd highly appreciate if someone who knows this stuff could review this
> code, otherwise I would not load it to the TER.
>
> I've especially got the following questions:
> 1: I never understood this session fixation thing. AFAIK, the code below
> is all right, but since I didn't get the actual problem it might as well
> be in there.
>
> 2: I've tried to make my changes minimally invasive so I don't think
> that it will break anything. I am not aware of any reason why extensions
> (or the core) would call one of the overwritten methods themselves and /
> or if this might break anything.
>
> 3: If I shall go on and upload this extension to TER, I wondered how to
> move those config flags that currently have to be set to TYPO3_CONF_VARS
> by hand to be configurable in TS? Did only find that for plugins...

Please do not upload it to the TER, rather open an issue at 
bugs.typo3.org and attach your code there, ideally as a diff.
Then make an RFC on the core list. Your code will then get reviewed and 
if it's good enough or after improvements it's in the core - how does 
that sound?!

Another possibility would be to meet up with us core devs at T3DD09 next 
week.


best
Ingo

-- 
Ingo Renner
TYPO3 Core Developer, Release Manager TYPO3 4.2
