[BUGFIX] FE session transfer is broken
authorDmitry Dulepov <dmitry@typo3.org>
Tue, 28 Jun 2011 12:25:04 +0000 (15:25 +0300)
committerDmitry Dulepov <dmitry@typo3.org>
Fri, 9 Sep 2011 10:52:48 +0000 (12:52 +0200)
The fix for #M13740 (revision 3a3a8d81) breaks FE session
transfer across top level domains.

Method tslib_fe::initFEuser() checks if there is a special
URL parameter named FE_SESSION_KEY. If that exists, it sets
$_COOKIE[$this->fe_user->name] to the passed session value.
This is very useful when using RealURL's feature to make
different language domains but use the same user for all
domains (multilanguage countries like Switzerland
or Belgium love that). However this is broken by using
$_SERVER['HTTP_COOKIE'] for FE session cookie. tslib_fe
has to be adjusted to set the same cookie.

Change-Id: Ieb77834d95ffc9f7a44bc4e739df65035be22339
Resolves: #27740
Releases: 4.4, 4.5, 4.6
Reviewed-on: http://review.typo3.org/2948
Reviewed-by: Dmitry Dulepov
Tested-by: Dmitry Dulepov
typo3/sysext/cms/tslib/class.tslib_fe.php

index a70f572..153957a 100644 (file)
                if (t3lib_div::_GP('FE_SESSION_KEY'))   {
                        $fe_sParts = explode('-',t3lib_div::_GP('FE_SESSION_KEY'));
                        if (!strcmp(md5($fe_sParts[0].'/'.$this->TYPO3_CONF_VARS['SYS']['encryptionKey']), $fe_sParts[1]))      {       // If the session key hash check is OK:
-                               $_COOKIE[tslib_feUserAuth::getCookieName()] = $fe_sParts[0];
+                               $cookieName = tslib_feUserAuth::getCookieName();
+                               $_COOKIE[$cookieName] = $fe_sParts[0];
+                               if (isset($_SERVER['HTTP_COOKIE'])) {
+                                               // See http://forge.typo3.org/issues/27740
+                                       $_SERVER['HTTP_COOKIE'] .= ';' . $cookieName . '=' . $fe_sParts[0];
+                               }
                                $this->fe_user->forceSetCookie = 1;
+                               unset($cookieName);
                        }
                }