Project

General

Profile

Actions

Bug #93974

closed

Failure creating frontend session identifier multiple times

Added by Oliver Hader over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2021-04-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

Scenario

  • having form framework plugin on page (ext:form)
  • having login plugin on page (ext:felogin)
  • clear caches
  • load page
  • following exception is shown

→ previously handled in #93862, but not completely fixed

(1/3) #1481895005 TYPO3\CMS\Core\Session\Backend\Exception\SessionNotCreatedException
Session could not be written to database: An exception occurred while executing 'INSERT INTO `fe_sessions` (`ses_id`, `ses_data`, `ses_userid`, `ses_iplock`, `ses_tstamp`) VALUES (?, ?, ?, ?, ?)' with params ["51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a", "a:2:{s:41:\"tx_form_honeypot_name_contactform-236form\";s:22:\"gyxStf5IvNPzYF4rmTQcHD\";s:41:\"tx_form_honeypot_name_contactform-235form\";s:15:\"uLiE6a2mX3JG4U7\";}", 0, "[DISABLED]", 1619164878]: Duplicate entry '51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a' for key 'PRIMARY'

Reason

  • FrontendUserAuthentication->userSessionManager->fixateAnonymousSession($this->userSession, (bool)$this->is_permanent); called multiple times (triggered by flash message handling + form honeypot handling)
  • caused by UserSessionManager->isSessionPersisted($this->userSession) which results to true and false for consecutive invocations, session identifier is persisted and available during those cases
  • caused by UserSessionManager->getSessionFromSessionId(string $id) which "switches" evaluation for "invalid" session lock settings → ses_iplock is empty string when failing

Solution

  • separate
    • retrieving sessions data for current user (includes session IP lock) from
    • resolving existence of a particular session identifier (skips session IP lock)
  • use low level call to session storage in this regard (ignore session IP lock)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #93862: Cannot create permanent FE sessionClosed2021-04-06

Actions
Is duplicate of TYPO3 Core - Bug #93386: SessionNotCreatedException when using storeSessionData() and user not authenticatedClosed2021-01-29

Actions
Actions #1

Updated by Oliver Hader over 3 years ago

  • Related to Bug #93862: Cannot create permanent FE session added
Actions #2

Updated by Oliver Hader over 3 years ago

  • Is Regression set to Yes
Actions #3

Updated by Oliver Bartsch over 3 years ago

Hi, there are already some issues for this bug, see #93386 and #93421.
Since there is also already a pending patch (https://review.typo3.org/c/Packages/TYPO3.CMS/+/67637), what do you think, should we test, and if necessary, improve that one?

Actions #4

Updated by Oliver Hader over 3 years ago

Interesting, I searched for that (https://review.typo3.org/q/UserSessionManager) and did not find anything on Gerrit.

Actions #5

Updated by Oliver Hader over 3 years ago

  • Is duplicate of Bug #93386: SessionNotCreatedException when using storeSessionData() and user not authenticated added
Actions #6

Updated by Oliver Hader over 3 years ago

  • Status changed from New to Closed
Actions

Also available in: Atom PDF