Bug #93878

TYPO3 uses flock() directly (hard-wired) for session locking

Added by Sybille Peters about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2021-04-08
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

While the locking API makes it possible to configure and extend the locking with alternatives (e.g. Redis), this is not possible for locking used in the session files.

This uses flock() directly, which may fail on NFS bases storages (see #72074).

It is not possible to override this.

If this is not known, this can be a problem.

My recommendation / workaround is to symlink specific directories to local storage. However, this is currently not documented well and may create problems if you for example symlink the entire directories (including the assets) and use multiple servers.

In addition to this, if flock() fails for the session file, you get a misleading error message:

'Session file not writable. Please check permission on ' . 
$this->sessionPath . ' and its subdirectories.',
1424355157

Source code

typo3/sysext/install/Classes/Service/Session/FileSessionHandler.php:

public function read($id)
{
    $sessionFile = $this->getSessionFile($id);
    $content = '';
    if (file_exists($sessionFile)) {
        if ($fd = fopen($sessionFile, 'rb')) {
            $lockres = flock($fd, LOCK_SH);
public function write($id, $sessionData)
{
    $sessionFile = $this->getSessionFile($id);
    $result = false;
    $changePermissions = !@is_file($sessionFile);
    if ($fd = fopen($sessionFile, 'cb')) {
        if (flock($fd, LOCK_EX)) {

https://github.com/TYPO3/TYPO3.CMS/blob/571a5e8a98f94c9cab31905274ae257001dc31a7/typo3/sysext/install/Classes/Service/Session/FileSessionHandler.php#L153

Conclusion

Any (or all) of the following might be helpful:

  • use locking API in session as well and not flock() directly

Not possible because used in install tool - should not depend on locking api


Related issues

Related to TYPO3 Core - Bug #72074: FileLockStrategy fails on NFS foldersNew2015-12-06

Actions
#1

Updated by Sybille Peters about 1 month ago

  • Related to Bug #72074: FileLockStrategy fails on NFS folders added
#2

Updated by Sybille Peters about 1 month ago

  • Description updated (diff)
#3

Updated by Sybille Peters about 1 month ago

  • Description updated (diff)
#4

Updated by Sybille Peters about 1 month ago

  • Description updated (diff)

Also available in: Atom PDF