TYPO3.Flow

//edit: nevermind initial description; the actual point is: if my action is named like below ("authenticationRequired"), the exception occurs as described. However, if I rename the action to something else, even maybe "authRequired", the problem does not occur.
I verified that definitely with a fresh cache-flush and warmup and a very fresh browser instance each time...

-------
(following is obsolete):

consider the following use case:

 1    security:
 2      authentication:
 3        providers:
 4          DefaultProvider:
 5            provider: 'PersistedUsernamePasswordProvider'
 6            entryPoint: 'WebRedirect'
 7            entryPointOptions:
 8              routeValues:
 9                '@package': 'Acme.Acme'
10                '@controller': 'Authentication'
11                '@action': 'authenticationRequired'

1// AuthenticationController:
2public function authenticationRequiredAction() {
3    $this->addFlashMessage('You must be logged in to see this page');
4
5        // not necessary to reproduce, but to show the intention:
6    #$this->forward('login');
7}



	
#1: Notice: unserialize(): Error at offset 12196 of 12384 bytes in ...\TYPO3.Flow\Classes\TYPO3\Flow\Cache\Frontend\VariableFrontend.php line 80

The following is the end of the serialized content:

controllerActionName";s:5:"index";s:12:" * arguments";a:0:{}s:20:" * internalArguments";a:1:{s:11:"__csrfToken";s:32:"8dc6e96bfbed85aec3b0ea7c45d6bc85";}s:18:" * pluginArguments";a:0:{}s:20:" * argumentNamespace";s:0:"";s:9:" * format";s:4:"html";s:13:" * dispatched";b:1;s:16:" * parentRequest";r:65;s:14:" * rootRequest";r:65;s:19:" * referringRequest";N;}}i:2;O:47:"TYPO3\Fluid\Core\Widget\AjaxWidgetContextHolder":2:{s:23:" * nextFreeAjaxWidgetId";i:0;s:17:" * widgetContexts";a:0:{}}}

The offset 12196 is exactly the (last) semicolon at rootRequest";r:65;, so maybe a recursion fails or something...

That VariableFrontend access, btw, comes with TYPO3\Flow\Session\Session_Original::resume().

Can you (please) reproduce this? Just adding that ->addFlashMessage() to a WebEntryPoint'ed controller action and hitting a secured page (letting the WebEntryPoint kick in) with a fresh session should show the error.