[BUGFIX] Do not remove FE session cookie if fe_user is logged in 69/37869/2
authorMarkus Klein <klein.t3@reelworx.at>
Tue, 24 Feb 2015 11:48:14 +0000 (12:48 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 15 Mar 2015 21:08:31 +0000 (22:08 +0100)
We ensure that the session cookie is preserved when a user is logged in
and the fe_login_mode is set to "all".

Resolves: #65223
Releases: master, 6.2
Change-Id: Id9e9d56b90215f6e0d7310ff191ab4488a802bb0
Reviewed-on: http://review.typo3.org/37869
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

index 3338f04..f7e0fdd 100644 (file)
@@ -115,6 +115,11 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
        protected $sessionDataTimestamp = NULL;
 
        /**
+        * @var bool
+        */
+       protected $loginHidden = FALSE;
+
+       /**
         * Default constructor.
         */
        public function __construct() {
@@ -425,7 +430,7 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
                                // Remove session-data
                                $this->removeSessionData();
                                // Remove cookie if not logged in as the session data is removed as well
-                               if (empty($this->user['uid']) && $this->isCookieSet()) {
+                               if (empty($this->user['uid']) && !$this->loginHidden && $this->isCookieSet()) {
                                        $this->removeCookie($this->name);
                                }
                        } elseif ($this->sessionDataTimestamp === NULL) {
@@ -641,4 +646,17 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
                return $count;
        }
 
+       /**
+        * Hide the current login
+        *
+        * This is used by the fe_login_mode feature for pages.
+        * A current login is unset, but we remember that there has been one.
+        *
+        * @return void
+        */
+       public function hideActiveLogin() {
+               $this->user = NULL;
+               $this->loginHidden = TRUE;
+       }
+
 }
index 296f1b6..70df9ed 100644 (file)
@@ -1408,7 +1408,7 @@ class TypoScriptFrontendController {
                        if ($this->isUserOrGroupSet()) {
                                if ($this->loginAllowedInBranch_mode == 'all') {
                                        // Clear out user and group:
-                                       unset($this->fe_user->user);
+                                       $this->fe_user->hideActiveLogin();
                                        $this->gr_list = '0,-1';
                                } else {
                                        $this->gr_list = '0,-2';