Bug #29405

When storing a new entity inside the session, it will be fully serialized instead of just the reference being stored

Added by Sebastian Kurfuerst about 10 years ago. Updated over 8 years ago.

Must have
Target version:
Start date:
Due date:
% Done:


Estimated time:
PHP Version:
Has patch:


When having the following code:

$newEntity = new MyEntity();


Then, $newEntity is FULLY serialized; although it should only be stored as UUID reference in the session.

As an example, this happens when running the BlogExample setup; after creating an initial user -- this user is directly logged in, but the Account is fully stored in the session.

This leads to very weird bugs, in my case I wanted to store a reference to $account in another entity; and doctrine then told me that the object was not known yet.

The issue is in DependencyInjection\ProxyClassBuilder::buildSerializeRelatedEntitiesCode around line 239:

if (\$this->\$propertyName instanceof \\TYPO3\\FLOW3\\Persistence\\Aspect\\PersistenceMagicInterface && !\\TYPO3\\FLOW3\\Core\\Bootstrap::\$staticObjectManager->get('TYPO3\\FLOW3\\Persistence\\PersistenceManagerInterface')->isNewObject(\$this->\$propertyName) || \$this->\$propertyName instanceof \\Doctrine\\ORM\\Proxy\\Proxy) {
                if (!property_exists(\$this, 'FLOW3_Persistence_RelatedEntities') || !is_array(\$this->FLOW3_Persistence_RelatedEntities)) {

Basically this check somehow needs to be adjusted, such that:
1) New objects which are scheduled for addition are serialized as UUID
2) New objects which are NOT scheduled for addition are serialized completely.

Karsten Hachmeister: Any hints on how we can check that? It seems that PersistenceManagerInterface.::isNewObject also returns TRUE when the object is not known at all to the unit of work. Maybe we need to extend PersistenceManagerInterface then?


Updated by Robert Lemke about 10 years ago

  • Target version changed from 1.0 beta 2 to 1.0.0

Updated by Karsten Dambekalns almost 10 years ago

  • Target version deleted (1.0.0)

Updated by Benno Weinzierl over 8 years ago

Is that issue still relevant?

I am asking because we have an other issue with session scope objects getting another session scope object injected.
This works for one request, after that it results in a ugly apache seg-fault (i suspect because the injected session object is also stored and not reinjected).
I fixed it with @Flow\Transient but it would be nice to make session scope objects work as expected auto of the box.

Also available in: Atom PDF