[BUGFIX] Set correct cookie when permalogin is enabled 07/31607/8
authorGernot Schulmeister <gernotschulmeister@gmx.at>
Mon, 14 Jul 2014 21:17:37 +0000 (23:17 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Thu, 24 Jul 2014 12:21:38 +0000 (14:21 +0200)
Although permalogin is enabled we set a session cookie.
This happens because setSessionCookie is called too early
and we do not know yet whether the session should be permanent
and an according cookie shall be set or not.

Solution is to set $this->dontSetCookie = FALSE
which triggers setting the cookie at an appropriate time.

Resolves: #60264
Releases: 6.3, 6.2
Change-Id: Iad5ce8597f90c4a607a43ea4d3368d117fa6b4ed
Reviewed-on: http://review.typo3.org/31607
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Pierrick Caillon <pierrick.caillon@plan-net.fr>
Reviewed-by: Alexander Opitz <opitz.alexander@googlemail.com>
Tested-by: Jan Schreier <jan-hendrik.schreier@bits-iserlohn.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

index 0bd2587..3338f04 100644 (file)
@@ -259,7 +259,10 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
         * @return array The session data for the newly created session.
        public function createUserSession($tempuser) {
-               $this->setSessionCookie();
+               // At this point we do not know if we need to set a session or a "permanant" cookie
+               // So we force the cookie to be set after authentication took place, which will
+               // then call setSessionCookie(), which will set a cookie with correct settings.
+               $this->dontSetCookie = FALSE;
                return parent::createUserSession($tempuser);