Bug #24962

After introducing the locking in #24790 no CSRF token will ever be deleted

Added by Helmut Hummel over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
-
Target version:
Start date:
2011-02-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
After introducing the locking in #24790, fetching the probably updated token array and merging this with the token array of the current request, all tokens that have been unset during this request are again added to the array (they are present in the fetched array of tokens).

Solution:
Keep track which tokens are added and deleted during the request and update the token array accordingly.

Note:
Since we now know if changes are made to the token array during one request, we could simply skip the locking and persisting, which saves quite some time for modules that do not create or validate tokens (which most modules do not do).

(issue imported from #M17490)


Files

17490.diff (3.49 KB) 17490.diff Administrator Admin, 2011-02-04 21:08

Related issues

Related to TYPO3 Core - Bug #24790: Form protection tokens get lost because of a race condition when persisting tokensClosedErnesto Baschny2011-01-25

Actions
Related to TYPO3 Core - Bug #24671: Protect C(R)UD actions against CSRFClosedErnesto Baschny2011-01-20

Actions
#1

Updated by Steffen Kamper over 10 years ago

Committed to 4_5 rev 10391 and trunk rev 10392

Also available in: Atom PDF