[4.2.0] checkToken falling into infinite loop of new session

[Chaosxmk]

Steps to reproduce the issue

1. Perform an action that passes through Joomla\CMS\MVC\Controller\BaseController::checkToken() or Joomla\CMS\Session\Session::checkToken()

Expected result

Token is verified as valid or invalid

Actual result

Occasionally, token is becomes trapped inside if ($app->getSession()->isNew()) {, never generating a new token nor validating it.

Additional comments

This is quite possibly the most aggravating bug I keep inducing accidentally. I have no idea what it is exactly that I'm doing to trip it, but after a lot of debugging I've noted that in Joomla\CMS\Session\Session::checkToken(), I always fall into if ($app->getSession()->isNew()) {, then when retrying to check the token, it repeats itself. The only solution I've found to "fix" the session is completely empty the session table in the database and delete all cookies/session variables and refresh the page.

I don't expect anyone could solve this considering I can't narrow down a reproduce-able list of steps to take, but I'm reporting it just in case someone can.

[Hackwar]

Do you still have this issue? I went through the code and can't see an issue there. ☹️

[Chaosxmk]

On very rare occasions, I've had the bug recur, but I'm never able to properly reproduce the issue intentionally, nor am I able to diagnose the issue further that what I noted in the initial issue.