TYPO3 Core

While the locking API makes it possible to configure and extend the locking with alternatives (e.g. Redis), this is not possible for locking used in the session files.

This uses flock() directly, which may fail on NFS bases storages (see #72074).

It is not possible to override this.

If this is not known, this can be a problem.

My recommendation / workaround is to symlink specific directories to local storage. However, this is currently not documented well and may create problems if you for example symlink the entire directories (including the assets) and use multiple servers.

In addition to this, if flock() fails for the session file, you get a misleading error message:

'Session file not writable. Please check permission on ' . 
$this->sessionPath . ' and its subdirectories.',
1424355157

Source code¶

typo3/sysext/install/Classes/Service/Session/FileSessionHandler.php:

public function read($id)
{
    $sessionFile = $this->getSessionFile($id);
    $content = '';
    if (file_exists($sessionFile)) {
        if ($fd = fopen($sessionFile, 'rb')) {
            $lockres = flock($fd, LOCK_SH);

public function write($id, $sessionData)
{
    $sessionFile = $this->getSessionFile($id);
    $result = false;
    $changePermissions = !@is_file($sessionFile);
    if ($fd = fopen($sessionFile, 'cb')) {
        if (flock($fd, LOCK_EX)) {

https://github.com/TYPO3/TYPO3.CMS/blob/571a5e8a98f94c9cab31905274ae257001dc31a7/typo3/sysext/install/Classes/Service/Session/FileSessionHandler.php#L153

Conclusion¶

Any (or all) of the following might be helpful:

• use locking API in session as well and not flock() directly

Not possible because used in install tool - should not depend on locking api

• add a check if flock is supported on system to environment check, see also https://review.typo3.org/c/Packages/TYPO3.CMS/+/45154/3/typo3/sysext/core/Classes/Locking/FileLockStrategy.php
• improve documentation
• improve error message