Bug #40611


Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry in logout.php

Added by Tobias Schaefer over 11 years ago. Updated over 6 years ago.

Should have
Backend User Interface
Target version:
Start date:
Due date:
% Done:


Estimated time:
TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


After updating from 4.4.15 to 4.5.19 I always get this error when the BE-session expires and I click on the Logout-button:
Fatal error: Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry() in /srv/www/libs/typo3_src-4.5.19/typo3/logout.php on line 73

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #68220: Do not log out a logged out userClosed2015-07-16

Actions #1

Updated by Francois Suter over 11 years ago

  • Status changed from New to Accepted
  • Assignee set to Francois Suter
  • Target version set to 4.5.20
  • Complexity set to easy

Hi Tobias,

Looking at the source code, I found that the error is coming from the form protection factory selecting the wrong form protection class, because the session has already expired. Thus instead of getting an instance of "t3lib_formprotection_BackendFormProtection", it returns an instance of "t3lib_formprotection_DisabledFormProtection". Only the latter has method removeSessionTokenFromRegistry().

There are several ways this could be solved:

  1. add method removeSessionTokenFromRegistry() to t3lib_formprotection_Abstract class from which all others inherit, with a dummy implementation.
  2. in logout.php, add a check for the class returned by the factory method and invoke removeSessionTokenFromRegistry() only if the class is "t3lib_formprotection_BackendFormProtection"
  3. cleaner IMO, would be to define some more generic method like "logoutCleanup", which each form protection class could implement to perform its own cleanup, but that's a more important change of API and not appropriate to a bugfix.

I would favor method 1. I'll ask in the Core ML for opinions before making a patch.

Actions #2

Updated by Ernesto Baschny over 11 years ago

Why not make logout() call this method:

 * Deletes the session token and persists the (empty) token.
 * This function is intended to be called when a user logs on or off.
 * @return void
public function clean() {

which is already defined in the Abstract class, and have the Backendformprotection subclass override this method by also calling (interally) removeSessionTokenFromRegistry.

logout.php calling:


doesn't really look right, because this method is not part of the abstract class (and get() returns a t3lib_formprotection_Abstract after all).

Actions #3

Updated by Francois Suter over 11 years ago

Thanks for your feedback Ernesto. Your suggestion sounds good. I'll take a look at it tomorrow hopefully.

Actions #4

Updated by Andreas Kiessling over 11 years ago

Any news on that? Some bot triggers this error constantly on one of my sites running 4.5.22

Actions #5

Updated by Francois Suter over 11 years ago

  • Assignee deleted (Francois Suter)

Sorry, I never had the time to look at that again. I've been fully busy with documentation. I hope someone else can pick up this issue.

Actions #6

Updated by Gerrit Code Review about 10 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at

Actions #7

Updated by Oliver Hader over 9 years ago

  • Target version changed from 4.5.20 to next-patchlevel
  • TYPO3 Version changed from 4.5 to 6.2
  • Is Regression set to No

Valid for all versions (6.2, 6.1, 4.5)

Actions #8

Updated by Helmut Hummel over 9 years ago

Oliver Hader wrote:

Valid for all versions (6.2, 6.1, 4.5)

Since 6.2 when the session expires, the backend will show an overly with a login box, so you cannot press the logout button.

But I agree this should fixed in the code nontheless

Actions #9

Updated by Mathias Schreiber over 9 years ago

  • Target version changed from next-patchlevel to 7.4 (Backend)
Actions #10

Updated by Christian Kuhn almost 9 years ago

abandoned the 4.5 patch. since the issue exists in 6.2 & master, the issue will not be closed, though.

Actions #11

Updated by Christian Kuhn almost 9 years ago

  • Status changed from Under Review to New
Actions #12

Updated by Susanne Moog almost 9 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions #13

Updated by Helmut Hummel over 8 years ago

  • Status changed from New to Resolved

Resolved with in 6.2 and master

Actions #14

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF