From 4ac0cc64a27d757903fc0115693ea27da73cab5b Mon Sep 17 00:00:00 2001
From: Tobias Oetiker <tobi@oetiker.ch>
Date: Mon, 12 Jun 2017 15:06:14 +0200
Subject: [PATCH] do not record login event for every tokenAuth

doing a full login is an expensive process in silverstripe ... so if we go for token auth,
let's have some performance benefit as well .. for single record ops this can give us 300% more performance.
---
 code/authenticator/RESTfulAPI_TokenAuthenticator.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/code/authenticator/RESTfulAPI_TokenAuthenticator.php b/code/authenticator/RESTfulAPI_TokenAuthenticator.php
index f9df4b1..5689ffe 100644
--- a/code/authenticator/RESTfulAPI_TokenAuthenticator.php
+++ b/code/authenticator/RESTfulAPI_TokenAuthenticator.php
@@ -421,7 +421,10 @@ private function validateAPIToken($token)
         }
         //all good, log Member in
         if (is_a($tokenOwner, 'Member')) {
-            $tokenOwner->logIn();
+            # $tokenOwner->logIn();
+            # this is a login without the logging
+            $tokenOwner::session_regenerate_id();
+            Session::set("loggedInAs", $tokenOwner->ID);
         }
 
               return true;