From 9666abcf9648c722bff4c86bde6c9a20dc87f19e Mon Sep 17 00:00:00 2001
From: Alexander Opitz <opitz.alexander@googlemail.com>
Date: Mon, 28 Nov 2016 19:14:13 +0100
Subject: [PATCH] [BUGFIX] Documentation of sessionTimeout

A sessionTimeout <= 0 means that a user will be logged out
instantly after login.

Resolves: #78822
Releases: master, 7.6, 6.2
Change-Id: I1890cb7d52347faab1fa3884eb46c9294d997da3
Reviewed-on: https://review.typo3.org/50797
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
---
 .../core/Classes/Authentication/AbstractUserAuthentication.php | 2 +-
 .../core/Classes/Authentication/BackendUserAuthentication.php  | 3 ++-
 .../Classes/Authentication/FrontendUserAuthentication.php      | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index fccb3b6a3b52..7159bf1c2ec8 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -141,7 +141,7 @@ abstract class AbstractUserAuthentication
      * Session timeout (on the server)
      *
      * If >0: session-timeout in seconds.
-     * If 0: no timeout.
+     * If <=0: Instant logout after login.
      *
      * @var int
      */
diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index 55c8e9b24278..464bf851f878 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -252,7 +252,8 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
      * Session timeout (on the server)
      *
      * If >0: session-timeout in seconds.
-     * If 0: no timeout.
+     * If <=0: Instant logout after login.
+     * The value must be at least 180 to avoid side effects.
      *
      * @var int
      */
diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index 122936072493..f73a78472ae1 100644
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
@@ -42,7 +42,7 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
      * Session timeout (on the server)
      *
      * If >0: session-timeout in seconds.
-     * If 0: no timeout.
+     * If <=0: Instant logout after login.
      *
      * @var int
      */
-- 
GitLab