Deprecation: #93023 - Reworked session handling¶
See forge#93023
Description¶
As described in Breaking: #93023 - Reworked session handling the whole session handling in the TYPO3 Core was reworked by moving it out of the user authentication classes.
Therefore some properties and methods within AbstractUserAuthentication
and its subclasses have been marked as deprecated:
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->createSessionId()
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->fetchUserSession()
Impact¶
Accessing id
or calling isExistingSessionRecord()
respectively getSessionId()
will trigger a PHP E_USER_DEPRECATED
error.
Calling createSessionId()
or fetchUserSession()
will not
trigger a PHP E_USER_DEPRECATED
error but will still be reported by the extension
scanner.
Affected Installations¶
All TYPO3 installations with custom extensions directly accessing or calling the deprecated properties or methods.
Migration¶
Creating a new session is now handled by the UserSessionManager
.
Therefore the identifier is set internally on creation of a new session
and should not longer be called directly. Use e.g.
UserSessionManager->createAnonymousSession()
or
UserSessionManager->regenerateSession()
to create a new session
and then access UserSession->getIdentifier()
.
Use UserSessionManager->isSessionPersisted()
instead of
isExistingSessionRecord()
to check if a session is already persisted.
Use the UserSessionManager
to create a new session and then directly
access the UserSession
instead of calling fetchUserSession()
.
Use UserSession->getIdentifier()
instead of getSessionId()
. To
access this information from an user authentication object, call
$userAuthentication->getSession()->getIdentifier()
.