Bug #24790

Form protection tokens get lost because of a race condition when persisting tokens

Added by Helmut Hummel over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
Start date:
2011-01-25
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:

If two (or more) scripts are executed (almost) at the same time, both scripts retrieve the same token array from the session. Both scripts will create new tokens independently. The script that is executed last will overwrite the tokens generated by the first script.

Solution:
Before writing all tokens back to the session we need to retrieve the current tokens from the session again and lock this for one process only.

How to test:
  • Apply the test patch
  • Reload the backend
  • Go to file list module and wait until both frames loaded
  • hover over the help icon in navigation frame

(issue imported from #M17289)


Files

17289.diff (4.5 KB) 17289.diff Administrator Admin, 2011-01-25 10:39

Related issues

Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRFClosedErnesto Baschny2011-01-20

Actions
Related to TYPO3 Core - Bug #24799: Unable to set new Install Tool PasswordClosedSteffen Kamper2011-01-25

Actions
Related to TYPO3 Core - Bug #24962: After introducing the locking in #24790 no CSRF token will ever be deletedClosedHelmut Hummel2011-02-04

Actions

Also available in: Atom PDF