Feature: #84545 - Allow temporary files to be stored outside the document root¶
The environment variable called
TYPO3_PATH_APP, which was previously introduced with the Environment API, is now used
to allow to store data outside of the document root.
All regular composer-based installations now benefit from this functionality directly, as data which was previously
stored and hard-coded within
typo3temp/var/ is now stored within the project root folder
For non-composer installations, it is possible to set the environment variable to a folder usually one level upwards than the regular web root. This increases security for any TYPO3 installation as files are not publicly accessible (for example via web browser) anymore.
A typical example:
TYPO3_PATH_APPis set to
The web folder is then set to
Non-public files are then put to
/var/www/my-project/var/session(like Maintenance Tool Session files)
/var/www/my-project/var/cache(Caching Framework data)
/var/www/my-project/var/lock(Files related to locking)
/var/www/my-project/var/log(Files related to logging)
/var/www/my-project/var/extensionmanager(Files related to extension manager data)
/var/www/my-project/var/transient(Files related to import/export, core updater, FAL)
If the option is not set, the
typo3temp/var/ folder is still used, but with some minor differences
regarding the naming scheme of the folders.
For installations having the environment variable set, the folder is now not within
but outside of the document root in a folder called
For installations without this setting in use, there are minor differences in the folder structure:
typo3temp/var/cacheis now used instead of
typo3temp/var/logis now used instead of
typo3temp/var/lockis now used instead of
typo3temp/var/sessionis now used instead of
typo3temp/var/extensionmanageris now used instead of
Although it is a most common understanding in the TYPO3 world that
typo3temp/ can be removed at any time,
it is considered bad practice to remove the whole folder. Only folders relevant for the current development
changes should selectively be removed.