Breaking: #92802 - User-database-based authentication timeout field removed

See forge#92802


The AbstractUserAuthentication object had the possibility to theoretically use a database field where a session timeout value for the session storage could be set. This was never implemented but rather separated into a separate property called sessionTimeout.

This functionality, together with the public property auth_timeout_field, has been removed.


Setting the property via a custom extension will result in a PHP warning, as the property does not exist anymore.

In addition, this property is never evaluated anymore when determining the session timeout.

Affected Installations

TYPO3 installations that used third-party code to modify the session timeout value based on a database field, which relied on the public property for implementation purposes.


Use a custom implementation with custom hooks or custom authentication provider to achieve the same results.