TYPO3 Core

Markus Klein wrote:

I'm sorry, but 4.5 is in "important bugfix"-mode since quite a while.

Obviously this was considered a feature 3 years ago and therefore was only merged into the current master branch.

In my opinion this is not a feature, it is a clear bug.

If there is more than one request to the server at a time, it is possible to loose your session including all session data.

Consider a multistep form with AJAX validation. You've entered data in step one and step two.
On the thrid step you fill the last input field and click the submit button.
If there is a onBlur validation for this field and AJAX validation on click of the button there are two almost simultaneous requests to the server.
(Another case could be that one clicks the Submit Button multiple times [I know this could be prevented too, but the problem still exists in the core]).

What will happen?
One request updates the session data in storeSessionData which deletes the current entry in fe_session_data before inserting a new line without starting a transaction.
If the second request reaches the server in this state, where the entry is already deleted, but the new one is not created yet, Typo3 will create a new Session ID which is than returned to the client.

Et voilà - your form data (i.e. your session) will be lost!

What do you think?
Andreas

Hi Andreas,
I agree to Markus, the reject is ok in my opinion.
As Markus said, this kind of bugfix is more like a feature and need the permission by Ernesto.
On the other hand, keep in mind, that the support of 4.5 ends in march 2015. This are only 4 month, this means that only important bugfixes like security fixes will find the way into 4.5.
I recommend also more likely to upgrade to 6.2 or apply the patch if it is really important in your case.

Andreas Dörler wrote:

Markus Klein wrote:

In my opinion this is not a feature, it is a clear bug.

If there is more than one request to the server at a time, it is possible to loose your session including all session data.

I agree that this change mitigates a possible race condition.
Nevertheless this change will not go into 4.5 any more at this point for the reasons already mentioned by others here, no need to additionally ask Ernesto.