Project

General

Profile

Actions

Bug #93974

closed

Failure creating frontend session identifier multiple times

Added by Oliver Hader over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2021-04-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

Scenario

  • having form framework plugin on page (ext:form)
  • having login plugin on page (ext:felogin)
  • clear caches
  • load page
  • following exception is shown

→ previously handled in #93862, but not completely fixed

(1/3) #1481895005 TYPO3\CMS\Core\Session\Backend\Exception\SessionNotCreatedException
Session could not be written to database: An exception occurred while executing 'INSERT INTO `fe_sessions` (`ses_id`, `ses_data`, `ses_userid`, `ses_iplock`, `ses_tstamp`) VALUES (?, ?, ?, ?, ?)' with params ["51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a", "a:2:{s:41:\"tx_form_honeypot_name_contactform-236form\";s:22:\"gyxStf5IvNPzYF4rmTQcHD\";s:41:\"tx_form_honeypot_name_contactform-235form\";s:15:\"uLiE6a2mX3JG4U7\";}", 0, "[DISABLED]", 1619164878]: Duplicate entry '51d9555934b019c94bd167eadb5745f933904b1fa1afdef8eee72b7791229a8a' for key 'PRIMARY'

Reason

  • FrontendUserAuthentication->userSessionManager->fixateAnonymousSession($this->userSession, (bool)$this->is_permanent); called multiple times (triggered by flash message handling + form honeypot handling)
  • caused by UserSessionManager->isSessionPersisted($this->userSession) which results to true and false for consecutive invocations, session identifier is persisted and available during those cases
  • caused by UserSessionManager->getSessionFromSessionId(string $id) which "switches" evaluation for "invalid" session lock settings → ses_iplock is empty string when failing

Solution

  • separate
    • retrieving sessions data for current user (includes session IP lock) from
    • resolving existence of a particular session identifier (skips session IP lock)
  • use low level call to session storage in this regard (ignore session IP lock)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #93862: Cannot create permanent FE sessionClosed2021-04-06

Actions
Is duplicate of TYPO3 Core - Bug #93386: SessionNotCreatedException when using storeSessionData() and user not authenticatedClosed2021-01-29

Actions
Actions

Also available in: Atom PDF