Bug #43673

Session shutdown might keep destroyed session alive

Added by Robert Lemke over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Should have
Assignee:
Category:
Session
Start date:
2012-12-06
Due date:
% Done:

100%

Estimated time:
PHP Version:
5.3
Has patch:
No
Complexity:
medium

Description

There's a race condition in multi-server setups regarding the session shutdown: If a session has been destroyed by a second server between start() / resume() and shutdownObject(), the shutdown method will implicitly revive the session because it writes the session entry into the storage cache without checking if the session still exists.

#1

Updated by Gerrit Code Review over 8 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16994

#2

Updated by Gerrit Code Review over 8 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16994

#3

Updated by Robert Lemke over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF