Fixed bug #13470: Session/Login not working in IE8 across subdomains
authorErnesto Baschny <ernst@cron-it.de>
Wed, 24 Feb 2010 19:26:42 +0000 (19:26 +0000)
committerErnesto Baschny <ernst@cron-it.de>
Wed, 24 Feb 2010 19:26:42 +0000 (19:26 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7027 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_userauth.php

index 49fe710..76839da 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-02-24  Ernesto Baschny  <ernst@cron-it.de>
+
+       * Fixed bug #13470: Session/Login not working in IE8 across subdomains 
+
 2010-02-24  Steffen Kamper  <info@sk-typo3.de>
 
        * Fixed bug #13637: [EM] Upload to TER is broken
index c42beb6..ef70659 100644 (file)
@@ -218,7 +218,7 @@ class t3lib_userAuth {
                $mode = '';
                $this->newSessionID = FALSE;
                        // $id is set to ses_id if cookie is present. Else set to false, which will start a new session
-               $id = isset($_COOKIE[$this->name]) ? stripslashes($_COOKIE[$this->name]) : '';
+               $id = $this->getCookie($this->name);
                $this->svConfig = $TYPO3_CONF_VARS['SVCONF']['auth'];
 
                        // if we have a flash client, take the ID from the GP
@@ -386,6 +386,36 @@ class t3lib_userAuth {
        }
 
        /**
+        * Get the value of a specified cookie.
+        *
+        * Uses HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
+        * cookies with the same name might be returned if the user accessed
+        * the site without "www." first and switched to "www." later:
+        *   Cookie: fe_typo_user=AAA; fe_typo_user=BBB
+        * In this case PHP will set _COOKIE as the first cookie, when we
+        * would need the last one (which is what this function then returns).
+        *
+        * @param       string          The cookie ID
+        * @return      string          The value stored in the cookie
+        */
+       protected function getCookie($cookieName) {
+               if (isset($_SERVER['HTTP_COOKIE'])) {
+                       $cookies = t3lib_div::trimExplode(';', $_SERVER['HTTP_COOKIE']);
+                       foreach ($cookies as $cookie) {
+                               list ($name, $value) = split('=', $cookie);
+                               if ($name == $cookieName) {
+                                       // Use the last one
+                                       $cookieValue = stripslashes($value);
+                               }
+                       }
+               } else {
+                       // Fallback if there is no HTTP_COOKIE, use original method:
+                       $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
+               }
+               return $cookieValue;
+       }
+
+       /**
         * Determine whether a session cookie needs to be set (lifetime=0)
         *
         * @return      boolean