TYPO3 Core

In TYPO3\CMS\Core\Session\SessionManager class method invalidateAllSessionsByUserId is called for an example when fe_user password is changed in backend.

If fe_sessions table has 300k+ entries getting all sessions runs out of memory. Increasing memory to 2GB helps but only to a point.

It would be better if only sessions specific for fe_user are fetched instead of $backend->getAll().

foreach ($backend->getAll() as $session) {
            if ($userAuthentication !== null) {
                if ($session['ses_id'] === $sessionToRenew || $session['ses_id'] === $hashedSessionToRenew) {
                    $userAuthentication->enforceNewSessionId();
                    continue;
                }
            }
            if ((int)$session['ses_userid'] === $userId) {
                $backend->remove($session['ses_id']);
            }
        }

This might also be a problem by password recovery, but I did not test that.

Number of sessions in fe_sessions needed for memory issue depends on ses_data size. My issue was with 300k+ entries.