Important: #102906 - Prevent Extbase errorAction from writing session data

Description

Previously, validation errors handled implicitly by the Extbase ActionController::errorAction() persisted the resulting FlashMessage items to the user session. If no session existed, a new session was generated and a session cookie was sent to the client. This behavior could lead to automated crawlers generating a large number of unnecessary sessions.

When errorAction() is invoked (for example, due to validation errors), flash messages are no longer persisted to the session but are instead transferred with the corresponding ForwardResponse.

The implementation introduces two new public methods in \TYPO3\CMS\Extbase\Http\ForwardResponse:

withFlashMessages(FlashMessage ...$flashMessages) - Adds flash messages to the forward response
getFlashMessages() - Retrieves flash messages from the forward response

Flash messages are transferred through ExtbaseRequestParameters when forwarding requests and are restored from ExtbaseRequestParameters in ActionController::initializeStateFromExtbaseRequestParameters().

Hint

Custom code that overrides the internal methods ActionController::processRequest() or ActionController::forwardToReferringRequest() may need to be adjusted to benefit from this change. Ensure that your custom implementations properly handle flash messages via \TYPO3\CMS\Extbase\Http\ForwardResponse when forwarding requests from the error action.