I have implemented a controller with only one action one can call with a user token.
Therefore I’ve defined a “appSingleToken”, regarding suggestions in sessionless tokens here.
Thus my implementation looks like this:
class appSingleToken extends AbstractToken implements SessionlessTokenInterface {
....
}
This works, but I’m wondering about this produces a cookie named “TYPO3_Flow_Session”.
I’ve expected: no session = no session cookie.
What is wrong? My assumption or my implementation or both?
As I said: it works but I want to understand the mechanism…
the Flow session should not be started, so no TYPO3_Flow_Session cookie should be set.
You can check the system log to see what actually started the session. If it is the authentication there might be something wrong with your configuration.
But it can also be that some other @Flow\Session(autoStart=true) initiated it…
Could it be that you have that cookie from a different request, and the actual cookie has nothing to do with the sessionless authentication your are working on now? Try and empty all cookies, try with a different browser or anything that will ensure that your browser session is clean.
@mexoona So most probably the DefaultProvider starts the session. Can you disable it and try if that works?
If you don’t need it, you can ofc remove that configuration.
Otherwise make sure to use Request Patterns to explicitly control which provider ought to be active for which request.
Hello Bastian,
now back to this project (lots of work an others).
I’ve commented out the default provider. But still the same behavior. First I thought "disabling"
did not work, but output of “configuration:show” was as expected:
Surprisingly the call to our login form sets no cookie until one tries to login (which fails of course).
Some other suggestions?
As I noted above: the systems works. I’m only interrested what’s going wrong here.