[BUGFIX] rsaauth: remove session-cookie when no longer used 12/32212/4
authorStefan Neufeind <typo3.neufeind@speedpartner.de>
Sun, 17 Aug 2014 23:07:47 +0000 (01:07 +0200)
committerFrank Naegler <frank.naegler@typo3.org>
Mon, 25 Apr 2016 13:36:30 +0000 (15:36 +0200)
When deleting the rsa key from the database we now remove the PHP cookie
as well in order to keep the system cleaned up.

Change-Id: I037deabf0a60e6ad785678b60424b3cc49af77b0
Resolves: #61016
Releases: master, 7.6
Reviewed-on: https://review.typo3.org/32212
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php

index 1929add..8839ba8 100644 (file)
@@ -79,6 +79,13 @@ class SplitStorage extends AbstractStorage
             if (MathUtility::canBeInterpretedAsInteger($keyId)) {
                 $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
                 unset($_SESSION['tx_rsaauth_key']);
+                if (empty($_SESSION)) {
+                    $sessionName = session_name();
+                    $sessionCookie = session_get_cookie_params();
+                    session_destroy();
+                    // By using setcookie with the second parameter set to false we actually delete the cookie
+                    setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']);
+                }
             }
         } else {
             // Add key
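Review bot: The `setcookie()` call passes `$sessionCookie['lifetime']` as the third argument, but that value is a duration in seconds (often 0), while the parameter expects an absolute expiry timestamp. Deletion still works only because PHP treats an empty value as a request to expire the cookie, so the argument is misleading rather than broken. An explicit past timestamp states the intent better: `setcookie($sessionName, '', 1, $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure'], $sessionCookie['httponly']);`. The return values of `session_destroy()` and `setcookie()` are not checked, so if headers were already sent or no session is active, the cookie silently stays on the client. The hunk cannot show whether a session is guaranteed to be started here, since the enclosing method begins and ends outside it.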