Skip to content
Snippets Groups Projects
Commit 122eab1d authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader
Browse files

[!!!][TASK] Send user session cookies as hash-signed JWT 

Several performance analysis showed that `AbstractUserAuthentication`
takes a reasonable amount of processing time, even if a session ID
are not given or invalid. In order to reduce database invocations
for invalid sessions, user session cookies are sent as hash-signed
JWT - which allows to check their validity without invoking storages.

Required typo3/testing-framework preparation has been merged with
https://github.com/TYPO3/testing-framework/pull/365 and updated.

Custom implementations, handling cookies on their own, have to use the
introduced method \TYPO3\CMS\Core\Session\UserSession::getJwt() instead
of existing \TYPO3\CMS\Core\Session\UserSession::getIdentifier().

Resolves: #94243
Releases: main
Change-Id: Icfdc17bf6d6d715a0cfab76517aaef96fd985f1f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69337


Tested-by: default avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: default avatarStefan Bürk <stefan@buerk.tech>
Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: default avatarChristian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: default avatarStefan Bürk <stefan@buerk.tech>
Reviewed-by: default avatarKevin Appelt <kevin.appelt@icloud.com>
Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
parent 8c6e4b5b
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 145 additions and 12 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment