Bug #21245

closed

Improve "Login not possible" message, if login fails although username and password were correct

Added by Philipp Metzler over 14 years ago. Updated almost 9 years ago.

Status: Rejected
Priority: Should have
Category: Backend User Interface
Target version:
Start date: 2009-10-11
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 5.3
Tags:
Complexity:
Is Regression: No
Sprint Focus: Remote Sprint

Description

Hi,

If there's no free disk space left, then you can't log in to Typo3 anymore. It tells you to check username and password but it should display a message: "No free disk space available! You can login if there is at least X MB free disk space available."

At the moment this message is displayed:

Your login attempt did not succeed. Make sure to spell your username and password correctly, including upper/lowercase characters.

Philipp

(issue imported from #M12198)

Actions #1

Updated by Philipp Metzler over 14 years ago

seems to be solved in Typo3 4.2.9

Actions #2

Updated by Christian Kuhn over 14 years ago

Resolved as fixed in 4.2.9, as requested by reporter.

Actions #3

Updated by Philipp Metzler over 13 years ago

hi,

there's no hint that no disk space is left and that the login doesn't work because of that specific reason. a user confronted with this error may first assume that the site might have been hacked, will reset passwords, then tries to roll back to the latest backup, etc. eventually he finds out that there's a problem with the disk space. so it's not the most obvious reason. as quotas are quite common in shared environments IMHO a friendly message about the reason would be very nice.

merry x-mas!

philipp

Actions #4

Updated by Sven Weiss over 13 years ago

Hi,

there are so many cases... I think there should perhaps be a general information like "Your session could not be created. Please contact your administrator."
Not only "no space left" would be a message. Think about:
"your cpu has a problem, sorry, you cannot login to TYPO3"
"your ram has a problem, sorry, you cannot login to TYPO3"
"your mainboard looks bad, sorry, you cannot login to TYPO3"
"It is snowing, sorry, but you cannot login to TYPO3 with snow" :-)
...

That's not part of TYPO3 I think. But much more general information should be displayed if the username and password were correct but he cannot log in.

That would be a good solution I think.

Sven

Actions #5

Updated by Steffen Gebert over 13 years ago

I think it's hard to identify the problem.
Is it the be_session record in the database, which cannot be created? Dunno, if the result of the DB INSERT is checked.. maybe otherwise an error message should be shown (not that the disk is probably full, but at least that the record couldn't be created).

Actions #6

Updated by Philipp Metzler over 13 years ago

ok i see. yes - it would be very helpful to know at least that the username / password is correct! but is it that hard to check for any diskspace left? i mean - typo3 writes temporary files (to caches) all the time. so if the login fails, but username/password are correct typo3 could write a small file to a directory that must be writeable and if that fails it's very likely that no diskspace is left anymore. if that directory has wrong rights the user can be warned as well. just an idea - i assume that there are other cases that one must consider.

Actions #7

Updated by Sven Weiss over 13 years ago

Not really... TYPO3 writes into the database. The mysql server instead has to log that there is no space left to write something in the database tables.
TYPO3 should give out an error like I wrote so that you know (or your backend user) that they have to inform the administrator to look because they did all right. Think about a normal backend user. What should he do if he gets "disk full"? He cannot do anything and perhaps he shouldn't know that the administrator cannot look for enough free disk space. ;-)

BTW: Did you ever try to restart a machine with a full disk? :-)

Actions #8

Updated by Steffen Gebert over 13 years ago

I read a similar bug report not so long ago. I understand that it's hard to track down that the disc is the cause. We can't even say that it's the disc (EDIT: DB might be different machine), we can only say that the DB record wasn't written, because of whatever reason. Might be that the be_sessions table doesn't even exist. I think at least in this case, we should throw an error.

Actions #9

Updated by Alexander Opitz almost 11 years ago

  • Category set to Backend User Interface
  • Status changed from Needs Feedback to New
  • Target version deleted (0)

Actions #10

Updated by Mathias Schreiber over 9 years ago

  • Assignee set to Mathias Schreiber
  • Target version set to 7.1 (Cleanup)
  • Is Regression set to No
  • Sprint Focus set to Remote Sprint

Actions #11

Updated by Benni Mack almost 9 years ago

  • Target version changed from 7.1 (Cleanup) to 7.4 (Backend)

Actions #12

Updated by Frank Nägler almost 9 years ago

We should display only the generic error message, more information can be logged into sys_log or anywhere else, but should not be displayed in the public error message.
Too much information can help attackers to identify vulnerabilities and to make targeted attacks (information disclosure).
I would prefer to not change anything here and close this issue.

Actions #13

Updated by Frank Nägler almost 9 years ago

  • Status changed from New to Rejected

if no free disk space is available logging to filesystem or DB (on same server) is not possible.
So we decided to close this issue now.
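
The approach discussed in comments #5, #8 and #12 (check the result of the session INSERT, show only a generic message, keep the real reason in a server-side log), as an added example that is not part of the original thread and is not TYPO3 code. It is plain PHP with PDO and an in-memory SQLite database; the simplified `be_users`/`be_sessions` schema, the `attemptLogin()` function and the reference id are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// One public message for every failure; the real reason is only written to the log.
const PUBLIC_LOGIN_ERROR = 'Your login attempt did not succeed.';

/** Hypothetical helper. Returns ['ok' => bool, 'message' => string, 'ref' => string]. */
function attemptLogin(PDO $db, string $username, string $password): array
{
    $ref = bin2hex(random_bytes(4)); // reference shown to the user and written to the log
    $fail = static function (string $reason) use ($ref, $username): array {
        // error_log() writes to the target configured in php.ini (stderr on the CLI).
        // json_encode() keeps line breaks in the username out of the log line.
        error_log(sprintf('[login %s] user=%s reason=%s', $ref, json_encode($username), $reason));
        return ['ok' => false, 'message' => PUBLIC_LOGIN_ERROR . " (ref $ref)", 'ref' => $ref];
    };

    $stmt = $db->prepare('SELECT uid, password FROM be_users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return $fail('bad_credentials');
    }

    try {
        // The INSERT result is checked: a full disk or a missing table raises here.
        $sessionId = bin2hex(random_bytes(16));
        $ins = $db->prepare('INSERT INTO be_sessions (ses_id, ses_userid) VALUES (?, ?)');
        $ins->execute([$sessionId, $user['uid']]);
    } catch (PDOException $e) {
        return $fail('session_not_persisted: ' . $e->getMessage());
    }
    return ['ok' => true, 'message' => 'Logged in.', 'ref' => $ref];
}

// Constructed demo data: be_sessions is deliberately not created, so the INSERT fails.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE be_users (uid INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->prepare('INSERT INTO be_users (username, password) VALUES (?, ?)')
   ->execute(['editor', password_hash('correct horse', PASSWORD_DEFAULT)]);

$wrong = attemptLogin($db, 'editor', 'guess');          // logged as bad_credentials
$right = attemptLogin($db, 'editor', 'correct horse');  // logged as session_not_persisted
// Apart from the random reference, the two public messages are identical.
var_dump(preg_replace('/ref \w+/', 'ref X', $wrong['message'])
     === preg_replace('/ref \w+/', 'ref X', $right['message']));
```

The reference id lets an administrator find the matching log line without the response telling the requester whether the password was right. As comment #13 notes, the log target itself has to remain writable when the web server's disk is full.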
