[!!!][TASK] Remove lockHashKeyWords functionality

The TYPO3 Core used the "useragent" to create a hashbase by default to harden the session hijacking functionality. This very very old feature adds a tiny bit of security on top, however it has the drawback that users get logged out (of BE or FE) if their browser updates (due to evergreen browsers or security updates as the user agent string changes).

This is very inconvenient for websites that use a very long session time for logged-in users in the frontend (or backend) when using TYPO3 as a platform or application.

It was originally conceived so it could be extended but there is no hook to do so, and extending all classes does not really make a lot of sense in the hierarchical PHP class structure.

Resolves: #79513
Releases: master
Change-Id: I78e58210da80c7c1544a644e8e10bc1f667b5bf1
Reviewed-on: https://review.typo3.org/51437
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>

Showing
- typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php (0 additions, 41 deletions)
- typo3/sysext/core/Configuration/DefaultConfiguration.php (0 additions, 2 deletions)
- typo3/sysext/core/Documentation/Changelog/master/Breaking-79513-RemovedSessionLockingBasedOnUseragent.rst (57 additions, 0 deletions)
- typo3/sysext/core/ext_tables.sql (0 additions, 1 deletion)
- typo3/sysext/frontend/ext_tables.sql (0 additions, 1 deletion)
- typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php (4 additions, 1 deletion)