[TYPO3-core] Regression in 4.5.23

Steffen Müller typo3 at t3node.com
Fri Feb 22 00:09:34 CET 2013 

Hi.

As the reputed author of the original patch I'd like to put some light
on this issue. I guess we can learn some things from it.

The history of the regression
------------------------------

I created the initial patch, because session cookies in some cases did
not behave like they were supposed to do. See below [1] for detailed
description of the problem. This patch was written against the codebase
of the master branch. It was written a year ago in March, 2012 and
merged in December, 2012. At the same time it was backported to the 4.5
- 6.0 releases by a core dev.

To ensure that critical things don't break, I added a demo extension to
reproduce the issue and to verify the bugfix. The patch worked without
any problems on master branch it was verified and tested by several people.

The patch was backported and merged to the 4.5 branch by a core dev
right after merging on master. Unfortunately the codebase of 4.5 differs
from all the others, so that the original patch did not correctly work.
That's the regression we now face.

What can we learn from this issue?
-----------------------------------

1) Timespan of almost a year from submitting a patch to releasing it. As
author you probably have moved on, solved the issue otherwise and
finished + archived the project where the issue occured.

2) No review process for backporting a patch. No time between merging
original patch set and backport. No chance for me to verify/test the
backport.

3) Shit happens. Usually if a codebase differs from the original base,
applying a patch will fail with error. Also tests will fail. In this
case however, applying the patch did not fail and there were not enough
tests to detect a failure. Unhappy coincidence.

-----------------------------------------------------------------

[1] The following issue was fixed:

Expected behaviour: The session cookie id changes with each request when
no session data payload exists. When there's payload, the id is kept.
Actual behaviour (before patch): The session cookie does not change in
one case, although no real payload exists. This case occurs, whenever
session data payload has been present and was removed afterwards. The
reason: session handling failed to clear the payload, but instead left
some garbage as payload. This garbage prevented the session cookie id
from changing.
My patch fixed the removal of payload.

For more details see:
http://forge.typo3.org/issues/34964


-- 
cheers,
Steffen

TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node

More information about the TYPO3-team-core mailing list