Bug #56348
Status: closed
Session randomly lost in eID
Description
Hi all,
I have a piece of eID code that checks if a user is logged in to the website and then takes action or sends him back to an error page.
Once in a while $GLOBALS["TSFE"]->fe_user->user is false for no reason (I can see in the logs that the user logged in only a few seconds before).
Bug occurs in any browser, the website runs in https, has a P3P policy (for IE) and is not behind a proxy.
Here is my code (simplified):
// Build a frontend controller inside the eID script and load the frontend user session
$GLOBALS["TSFE"] = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController', $TYPO3_CONF_VARS, 0, 0);
$GLOBALS["TSFE"]->initFEuser();
// No logged-in frontend user: redirect to the logout/error page and stop
if (!$GLOBALS["TSFE"]->fe_user->user) {
    header('Location: /?logintype=logout&session=expired');
    die();
}
My session config:
'FE' => array(
    'lifetime' => '1800',
    'loginSecurityLevel' => 'normal',
    'permalogin' => '2',
    'sessionDataLifetime' => '1800',
),
And here is what I see in my Apache log file:
# the guy connects to the site : ok
xxx.51.48.xx - - [26/Feb/2014:10:40:01 +0100] "POST / HTTP/1.1" 200 17025
# downloads some resources : ok
xxx.51.48.xx - - [26/Feb/2014:10:40:03 +0100] "GET /typo3temp/vhs-assets-1f45c81006146c4e25a69b3c56b0fc5c-4e0ef181f23cb080794861bbc21114e0.css?1393407602 HTTP/1.1" 200 9520
# browses to another page : ok
xxx.51.48.xx - - [26/Feb/2014:10:40:52 +0100] "GET /attestations/ HTTP/1.1" 200 17037
# tries to call the eID : KO
xxx.51.48.xx - - [26/Feb/2014:10:41:02 +0100] "GET /attestations/?eID=espacesante_downloadAttestationSecu&annee=2013&fe_user=xxxxx&cHash=544421d45e7e2c1f2d9cc4d8896f4670 HTTP/1.1" 302 -
xxx.51.48.xx - - [26/Feb/2014:10:41:02 +0100] "GET /?logintype=logout&session=expired HTTP/1.1" 200 14851
And in my MySQL logs:
when everything works fine (goes to another page):
140226 10:40:52 117 Connect xxx@localhost on
117 Query SET NAMES utf8
117 Query SELECT @@SESSION.sql_mode
117 Init DB xxx
117 Query SELECT COUNT(*) FROM fe_sessions WHERE ses_id = 'e5d1676ea7103abfcae1789cbc7dde18'
117 Query SELECT * FROM fe_sessions,fe_users WHERE fe_sessions.ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND fe_sessions.ses_name = 'fe_typo_user' AND fe_sessions.ses_userid = fe_users.uid AND ( fe_sessions.ses_iplock = 'xxx.51' OR fe_sessions.ses_iplock='[DISABLED]' ) AND fe_sessions.ses_hashlock=59869828 AND fe_users.disable=0 AND fe_users.deleted=0 AND (fe_users.starttime<=1393407652) AND (fe_users.endtime=0 OR fe_users.endtime>1393407652)
117 Query UPDATE fe_sessions SET ses_tstamp='1393407652' WHERE ses_id='e5d1676ea7103abfcae1789cbc7dde18' AND ses_name='fe_typo_user'
117 Query SELECT * FROM fe_sessions,fe_users WHERE fe_sessions.ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND fe_sessions.ses_name = 'fe_typo_user' AND fe_sessions.ses_userid = fe_users.uid AND ( fe_sessions.ses_iplock = 'xxx.51' OR fe_sessions.ses_iplock='[DISABLED]' ) AND fe_sessions.ses_hashlock=59869828 AND fe_users.disable=0 AND fe_users.deleted=0 AND (fe_users.starttime<=1393407652) AND (fe_users.endtime=0 OR fe_users.endtime>1393407652)
117 Query UPDATE fe_sessions SET ses_tstamp='1393407652' WHERE ses_id='e5d1676ea7103abfcae1789cbc7dde18' AND ses_name='fe_typo_user'
117 Query SELECT * FROM fe_session_data WHERE hash = 'e5d1676ea7103abfcae1789cbc7dde18'
And when it fails (eID):
140226 10:41:02 132 Connect xxx@localhost on
132 Query SET NAMES utf8
132 Query SELECT @@SESSION.sql_mode
132 Init DB xxx
132 Query SELECT COUNT(*) FROM fe_sessions WHERE ses_id = 'e5d1676ea7103abfcae1789cbc7dde18'
132 Query SELECT content,tstamp FROM fe_session_data WHERE hash = 'e5d1676ea7103abfcae1789cbc7dde18'
132 Query SELECT * FROM fe_sessions,fe_users WHERE fe_sessions.ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND fe_sessions.ses_name = 'fe_typo_user' AND fe_sessions.ses_userid = fe_users.uid AND fe_sessions.ses_hashlock=59869828 AND fe_users.disable=0 AND fe_users.deleted=0 AND (fe_users.starttime<=1393407662) AND (fe_users.endtime=0 OR fe_users.endtime>1393407662)
131 Query SELECT content FROM cf_extbase_object WHERE identifier = 'f4161c7b5ff989cc5937476177f76d76' AND cf_extbase_object.expires >= 1393407661 LIMIT 1
132 Query SELECT /*! SQL_NO_CACHE */ ses_userid FROM fe_sessions WHERE ses_id=0
132 Query DELETE FROM fe_session_data WHERE hash='e5d1676ea7103abfcae1789cbc7dde18'
132 Query DELETE FROM fe_sessions WHERE ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND ses_name = 'fe_typo_user'
132 Query SELECT * FROM fe_sessions,fe_users WHERE fe_sessions.ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND fe_sessions.ses_name = 'fe_typo_user' AND fe_sessions.ses_userid = fe_users.uid AND fe_sessions.ses_hashlock=59869828 AND fe_users.disable=0 AND fe_users.deleted=0 AND (fe_users.starttime<=1393407662) AND (fe_users.endtime=0 OR fe_users.endtime>1393407662)
132 Query SELECT /*! SQL_NO_CACHE */ ses_userid FROM fe_sessions WHERE ses_id=0
132 Query DELETE FROM fe_session_data WHERE hash='e5d1676ea7103abfcae1789cbc7dde18'
132 Query DELETE FROM fe_sessions WHERE ses_id = 'e5d1676ea7103abfcae1789cbc7dde18' AND ses_name = 'fe_typo_user'
132 Quit
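An added example, not part of the original report: a short Python script that reads MySQL general-log lines like the ones quoted above, collects which fe_sessions columns each connection's session lookup filters on, and reports what a connection that deleted the session left out compared with the others. The sample lines are abridged from the report's log; the function names are assumptions made for this illustration.

```python
import re

SID = "e5d1676ea7103abfcae1789cbc7dde18"  # session id as quoted in the report
JOIN = (f"SELECT * FROM fe_sessions,fe_users WHERE fe_sessions.ses_id = '{SID}' "
        "AND fe_sessions.ses_name = 'fe_typo_user' AND fe_sessions.ses_userid = fe_users.uid ")
IPLOCK = "AND ( fe_sessions.ses_iplock = 'xxx.51' OR fe_sessions.ses_iplock='[DISABLED]' ) "
TAIL = "AND fe_sessions.ses_hashlock=59869828 AND fe_users.disable=0 AND fe_users.deleted=0"
# Sample input: abridged from the two MySQL log excerpts in the report.
SAMPLE_LOG = "\n".join([
    f"117 Query {JOIN}{IPLOCK}{TAIL}",
    f"117 Query UPDATE fe_sessions SET ses_tstamp='1393407652' WHERE ses_id='{SID}' AND ses_name='fe_typo_user'",
    f"132 Query {JOIN}{TAIL}",
    "132 Query SELECT /*! SQL_NO_CACHE */ ses_userid FROM fe_sessions WHERE ses_id=0",
    f"132 Query DELETE FROM fe_sessions WHERE ses_id = '{SID}' AND ses_name = 'fe_typo_user'",
])

# General-log lines start with the thread id, optionally preceded by a timestamp.
PREFIX = r"^\s*(?:\d{6}\s+[\d:]+\s+)?(\d+)\s+Query\s+"
LOOKUP = re.compile(PREFIX + r"SELECT \* FROM fe_sessions,fe_users WHERE (.*)$")
DELETE = re.compile(PREFIX + r"DELETE FROM fe_sessions\b")
COLUMN = re.compile(r"\b(fe_sessions\.ses_\w+)\s*[=<>]")

def session_lock_columns(log):
    """Map thread id -> fe_sessions columns used in its session lookup, and whether it deleted the session."""
    threads = {}
    for line in log.splitlines():
        lookup, delete = LOOKUP.match(line), DELETE.match(line)
        if not (lookup or delete):
            continue
        tid = (lookup or delete).group(1)
        entry = threads.setdefault(tid, {"columns": set(), "deleted": False})
        if lookup:
            entry["columns"].update(COLUMN.findall(lookup.group(2)))
        else:
            entry["deleted"] = True
    return threads

def missing_in_deleting_threads(threads):
    """For each thread that deleted the session, list columns other threads filtered on but it did not."""
    kept = [t["columns"] for t in threads.values() if not t["deleted"]]
    baseline = set().union(*kept) if kept else set()
    return {tid: sorted(baseline - t["columns"])
            for tid, t in threads.items() if t["deleted"]}

if __name__ == "__main__":
    report = missing_in_deleting_threads(session_lock_columns(SAMPLE_LOG))
    for tid, cols in report.items():
        print(f"thread {tid} deleted the session; its lookup did not filter on: {cols}")
```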