[BUGFIX] FE session transfer is broken
author Dmitry Dulepov <dmitry@typo3.org>
Mon, 4 Jul 2011 14:41:13 +0000 (16:41 +0200)
committer Dmitry Dulepov <dmitry@typo3.org>
Fri, 9 Sep 2011 12:00:31 +0000 (14:00 +0200)
The fix for #M13740 (revision 3a3a8d81) breaks FE session
transfer across top level domains.

Method tslib_fe::initFEuser() checks if there is a special
URL parameter named FE_SESSION_KEY. If that exists, it sets
$_COOKIE[$this->fe_user->name] to the passed session value.
This is very useful when using RealURL's feature to make
different language domains but use the same user for all
domains (multilanguage countries like Switzerland
or Belgium love that). However this is broken by using
$_SERVER['HTTP_COOKIE'] for FE session cookie. tslib_fe
has to be adjusted to set the same cookie.

Change-Id: I9042b8668cd392bfd95262481918683e886da32d
Resolves: #27740
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/3034
Reviewed-by: Stefan Neufeind
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
typo3/sysext/cms/tslib/class.tslib_fe.php

index 04e6983..6de3af5 100644 (file)
                        $fe_sParts = explode('-',t3lib_div::_GP('FE_SESSION_KEY'));
                        if (!strcmp(md5($fe_sParts[0].'/'.$this->TYPO3_CONF_VARS['SYS']['encryptionKey']), $fe_sParts[1]))      {       // If the session key hash check is OK:
                                $_COOKIE[$this->fe_user->name] = $fe_sParts[0];
+                               if (isset($_SERVER['HTTP_COOKIE'])) {
+                                               // See http://forge.typo3.org/issues/27740
+                                       $_SERVER['HTTP_COOKIE'] .= ';' . $this->fe_user->name . '=' . $fe_sParts[0];
+                               }
                                $this->fe_user->forceSetCookie = 1;
                        }
                }
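Review bot: The added line `$_SERVER['HTTP_COOKIE'] .= ';' . $this->fe_user->name . '=' . $fe_sParts[0];` appends the transferred session to the end of the header without removing an entry of the same name that may already be there, so a request arriving with a stale cookie for `$this->fe_user->name` ends up with two entries and the outcome depends on which one the parser picks; replace the existing entry, or prepend, so the transferred value wins the same way the `$_COOKIE` assignment above it does. The `isset($_SERVER['HTTP_COOKIE'])` guard also skips the assignment when the request carries no Cookie header, which is the likely state on first arrival at another domain; either add an else branch that sets the header or extend the comment to say which fallback is relied on in that case. `$fe_sParts[0]` comes from the `FE_SESSION_KEY` request parameter and is concatenated as-is; it has passed the hash check, but rejecting values that contain `;` or `=` before writing them into the header would keep a signed value from introducing extra cookie pairs.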