@sgiehl
Description:
I've debug for quite a while now, but actually couldn't find the change that actually caused the problem.
Even going a few hundreds commits back in history didn't fix the issue locally, so it seems to be there for a while.
Which actually makes it even more strange that it still works on demo.
Nevertheless, for some reason the Authentication does never return a success state for anonymous user. So the Auth object holds no login, and the list of available sites stays empty
fixes #17077
Review
- [ ] Functional review done
- [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
- [ ] Security review done see checklist
- [ ] Code review done
- [ ] Tests were added if useful/possible
- [ ] Reviewed for breaking changes
- [ ] Developer changelog updated if needed
- [ ] Documentation added if needed
- [ ] Existing documentation updated if needed
Looking at the test results indicates, that we actually never returned a success state for anonymous before. The tests for that didn't change since 2014.
Not sure how that could be solved in another way. If there is no successful authentication the session won't be initialized and so the current session will always be counted as outdated.
@diosmosis @tsteur maybe one of you has an idea for that. Don't want to waste more time debugging the code...
@diosmosis
code looks ok to me, can't think of a way this could be abused. not sure if @tsteur wants to take a look before merging?
@tsteur
Looks good @diosmosis 👍