TYPO3 Core

Scenario¶

• having form framework plugin on page (ext:form)
• having login plugin on page (ext:felogin)
• clear caches
• load page
• following exception is shown

→ previously handled in #93862, but not completely fixed

(1/3) #1481895005 TYPO3\CMS\Core\Session\Backend\Exception\SessionNotCreatedException
Session could not be written to database: An exception occurred while executing 'INSERT INTO `fe_sessions` (`ses_id`, `ses_data`, `ses_userid`, `ses_iplock`, `ses_tstamp`) VALUES (?, ?, ?, ?, ?)' with params ["51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a", "a:2:{s:41:\"tx_form_honeypot_name_contactform-236form\";s:22:\"gyxStf5IvNPzYF4rmTQcHD\";s:41:\"tx_form_honeypot_name_contactform-235form\";s:15:\"uLiE6a2mX3JG4U7\";}", 0, "[DISABLED]", 1619164878]: Duplicate entry '51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a' for key 'PRIMARY'

Reason¶

• FrontendUserAuthentication->userSessionManager->fixateAnonymousSession($this->userSession, (bool)$this->is_permanent); called multiple times (triggered by flash message handling + form honeypot handling)
• caused by UserSessionManager->isSessionPersisted($this->userSession) which results to true and false for consecutive invocations, session identifier is persisted and available during those cases
• caused by UserSessionManager->getSessionFromSessionId(string $id) which "switches" evaluation for "invalid" session lock settings → ses_iplock is empty string when failing

Solution¶

• separate
  • retrieving sessions data for current user (includes session IP lock) from
  • resolving existence of a particular session identifier (skips session IP lock)
• use low level call to session storage in this regard (ignore session IP lock)