Bug #9532

FLOW3 looses session data / tokens if scope session is used elsewhere

Added by Robert Lemke over 11 years ago. Updated over 11 years ago.

Must have
Start date:
Due date:
% Done:


Estimated time:
PHP Version:
Has patch:


In the TYPO3 package I started implementing a TYPO3-specific session class:

 * A TYPO3 Session
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License, version 3 or later
 * @scope session
class Session {

     * @var \F3\PHPCR\SessionInterface
    protected $contentRepositorySession;

     * Constructs the TYPO3 Session.
     * This logs in at the Content Repository with the currently logged in
     * TYPO3 user and attaches the CR's session to this TYPO3 session.
     * @param \F3\PHPCR\RepositoryInterface $contentRepository
     * @param \F3\FLOW3\Security\Context $securityContext
     * @author Robert Lemke <robert@typo3.org>
    public function __construct(\F3\PHPCR\RepositoryInterface $contentRepository, \F3\FLOW3\Security\Context $securityContext) {
        $account = $securityContext->getAccount();
        $workspaceName = ($account !== NULL) ? 'user-' . $account->getAccountIdentifier() : 'live';
        $this->contentRepositorySession = $contentRepository->login(NULL, $workspaceName);

     * Returns the current content repository session, if any
     * @return \F3\PHPCR\SessionInterface
     * @author Robert Lemke <robert@typo3.org>
    public function getContentRepositorySession() {
     return $this->contentRepositorySession;

So, essentially TYPO3 Session objects contain a reference to a CR session (which is of scope prototype) and some other objects attached to that session.

Now, when I login to the TYPO3 backend and then afterwards call a controller (in this case a Node service controller) which accesses this TYPO3 session, I loose the UsernamePassword token and therefore need to authenticate again. When I disable the @scope session of the TYPO3 Session class, I don't have to re-authenticate.


Updated by Robert Lemke over 11 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF