[BUGFIX] Keep session cookie if session data is present 85/30485/5
author Helmut Hummel <helmut.hummel@typo3.org>
Sun, 1 Jun 2014 12:20:17 +0000 (14:20 +0200)
committer Markus Klein <klein.t3@mfc-linz.at>
Sun, 1 Jun 2014 19:04:11 +0000 (21:04 +0200)
The AbstractUserAuthentication::checkAuthentication() method calls
the logoff() method on every failed login attempt.

Since a logoff also causes a removal of the cookie,
any (anonymous) session data will be left unaccessible.

Keep the cookie when session data is present.

Releases: 6.2
Resolves: #58713
Change-Id: I744456f62197a7278635d8564d4883564d954dd2
Reviewed-on: https://review.typo3.org/30485
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php

index 6960d8b..2f749e5 100644 (file)
@@ -480,8 +480,8 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
         */
        public function logoff() {
                parent::logoff();
-               // Remove the cookie on log-off
-               if ($this->isCookieSet()) {
+               // Remove the cookie on log-off, but only if we do not have an anonymous session
+               if (!$this->isExistingSessionRecord($this->id) && $this->isCookieSet()) {
                        $this->removeCookie($this->name);
                }
        }
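
Review bot: The new condition in logoff() applies to every call, not only to the failed-login path named in the commit message, so an explicit logout that leaves a session record behind now also keeps the cookie and with it the same session identifier across the change of authentication state. Please document that in the method's docblock and confirm that a later successful login issues a fresh identifier rather than reusing the retained one. The check also runs after parent::logoff(), so it depends on the parent leaving both $this->id and the session record untouched; evaluating isExistingSessionRecord($this->id) before the parent call and storing the result in a local variable would remove that ordering dependency. The inline comment says "anonymous session" while the call only tests whether a record exists, so a short note on why an existing record at this point can only be anonymous data would help the next reader.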