[TYPO3-core] RFC: #17289: Form protection tokens get lost because of a race condition when persisting tokens
Ernesto Baschny [cron IT]
ernst at cron-it.de
Tue Jan 25 12:36:03 CET 2011
Steffen Gebert schrieb am 25.01.2011 12:20:
>> After some reports on twitter, I tried it myself: I can't log into the
>> backend anymore, as the page doesn't load. I suppose there's some
>> deadlock or infinite waiting to get a lock.
>
> After some time I get the
>> Fatal error: Maximum function nesting level of '100' reached,
>> aborting! in
>> /opt/local/apache2/vhosts/typo3dev/typo3_src/t3lib/class.t3lib_div.php
>> on line 1024
It seems that t3lib_beUserAuth->logoff() is called when no valid session
is found (which is the case on the login screen), in which case a
persistTokens() is called, which triggers a fetchUserSession() (to get
the list of tokens), which then triggers another "logoff()" (because
there is no valid session) etc etc. An endless loop. A simple abort rule
at some place should avoid that.
Sorry for not noticing that before, but I have no time until late
afternoon to check for a fix. If someone could come up with a followup
on this, please share. The trouble can be simulated without waiting for
a lock by uncommenting:
#$lockObject = $this->acquireLock();
in persistTokens() of t3lib_formprotection_BackendFormProtection.
Stack trace looks like:
1 0.0009 215264 {main}( ) ../index.php:0
2 0.0009 215724 require( '/www/shared/TYPO3core/trunk/typo3/init.php' ) ../index.php:63
3 0.0353 3146228 t3lib_beUserAuth->start( ) ../init.php:423
4 0.0353 3146300 t3lib_userAuth->start( ) ../class.t3lib_beuserauth.php:145
5 0.0372 3151872 t3lib_userAuth->checkAuthentication( ) ../class.t3lib_userauth.php:256
6 0.0381 3200092 t3lib_userAuth->fetchUserSession( ) ../class.t3lib_userauth.php:545
7 0.0395 3209156 t3lib_beUserAuth->logoff( ) ../class.t3lib_userauth.php:852
8 0.0419 3245588 t3lib_formprotection_Abstract->clean( ) ../class.t3lib_beuserauth.php:407
9 0.0419 3245588 t3lib_formprotection_BackendFormProtection->persistTokens( ) ../class.t3lib_formprotection_abstract.php:82
10 0.0419 3245588 t3lib_formprotection_BackendFormProtection->updateTokens( ) ../class.t3lib_formprotection_backendformprotection.php:199
11 0.0419 3245588 t3lib_userAuth->fetchUserSession( ) ../class.t3lib_formprotection_backendformprotection.php:185
12 0.0426 3248672 t3lib_beUserAuth->logoff( ) ../class.t3lib_userauth.php:852
13 0.0426 3248672 t3lib_formprotection_Abstract->clean( ) ../class.t3lib_beuserauth.php:407
Thanks!
Cheers,
Ernesto
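
The "simple abort rule" mentioned in the message above could take the form of a re-entrancy guard on logoff(). The following is an added illustration, not part of the original message and not TYPO3 core code; the two classes are a hypothetical, simplified model of the call chain in the stack trace (PHP 8 syntax), and the empty session store is constructed input.

```php
<?php
// Hypothetical, simplified model of the call chain in the stack trace;
// these classes are stand-ins and not TYPO3 core code.
class BackendUser
{
    public int $logoffCalls = 0;
    private bool $loggingOff = false; // re-entrancy guard (the "abort rule")
    private FormProtection $formProtection;

    public function __construct(private array $sessions, private ?string $sessionId)
    {
        $this->formProtection = new FormProtection($this);
    }

    public function fetchUserSession(): ?array
    {
        if ($this->sessionId !== null && isset($this->sessions[$this->sessionId])) {
            return $this->sessions[$this->sessionId];
        }
        $this->logoff(); // no valid session, e.g. on the login screen
        return null;
    }

    public function logoff(): void
    {
        if ($this->loggingOff) {
            return; // already logging off: break the cycle
        }
        $this->loggingOff = true;
        try {
            $this->logoffCalls++;
            $this->formProtection->clean();
        } finally {
            $this->loggingOff = false; // allow a later, separate logoff
        }
    }
}

class FormProtection
{
    public function __construct(private BackendUser $user) {}

    public function clean(): void
    {
        // Persisting tokens re-reads the session, which re-enters logoff().
        $this->user->fetchUserSession();
    }
}

$user = new BackendUser([], null); // constructed input: no session exists
$user->fetchUserSession();
echo "logoff() ran {$user->logoffCalls} time(s)\n";
```

Removing the early return in logoff() reproduces the unbounded recursion in this model.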