Fixed bug #13470: Session/Login not working in IE8 across subdomains
authorErnesto Baschny <ernst@cron-it.de>
Wed, 24 Feb 2010 19:35:50 +0000 (19:35 +0000)
committerErnesto Baschny <ernst@cron-it.de>
Wed, 24 Feb 2010 19:35:50 +0000 (19:35 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@7029 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_userauth.php

index ffd73ed..b7887ee 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-02-24  Ernesto Baschny  <ernst@cron-it.de>
 
        * Fixed bug #13258: Make TYPO3 v4.2 work again with PHP 5.1 (was broke since the case since 4.2.11)
+       * Fixed bug #13470: Session/Login not working in IE8 across subdomains 
 
 2010-02-24  Steffen Kamper  <info@sk-typo3.de>
 
index ce49d6c..50be1df 100755 (executable)
@@ -212,7 +212,7 @@ class t3lib_userAuth {
                $mode = '';
                $this->newSessionID = FALSE;
                        // $id is set to ses_id if cookie is present. Else set to false, which will start a new session
-               $id = isset($_COOKIE[$this->name]) ? stripslashes($_COOKIE[$this->name]) : '';
+               $id = $this->getCookie($this->name);
                $this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);
                $this->svConfig = $TYPO3_CONF_VARS['SVCONF']['auth'];
 
@@ -326,6 +326,66 @@ class t3lib_userAuth {
        }
 
        /**
+        * Get the value of a specified cookie.
+        *
+        * Uses HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
+        * cookies with the same name might be returned if the user accessed
+        * the site without "www." first and switched to "www." later:
+        *   Cookie: fe_typo_user=AAA; fe_typo_user=BBB
+        * In this case PHP will set _COOKIE as the first cookie, when we
+        * would need the last one (which is what this function then returns).
+        *
+        * @param       string          The cookie ID
+        * @return      string          The value stored in the cookie
+        */
+       protected function getCookie($cookieName) {
+               if (isset($_SERVER['HTTP_COOKIE'])) {
+                       $cookies = t3lib_div::trimExplode(';', $_SERVER['HTTP_COOKIE']);
+                       foreach ($cookies as $cookie) {
+                               list ($name, $value) = split('=', $cookie);
+                               if ($name == $cookieName) {
+                                       // Use the last one
+                                       $cookieValue = stripslashes($value);
+                               }
+                       }
+               } else {
+                       // Fallback if there is no HTTP_COOKIE, use original method:
+                       $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
+               }
+               return $cookieValue;
+       }
+
+       /**
+        * Get the value of a specified cookie.
+        *
+        * Uses HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
+        * cookies with the same name might be returned if the user accessed
+        * the site without "www." first and switched to "www." later:
+        *   Cookie: fe_typo_user=AAA; fe_typo_user=BBB
+        * In this case PHP will set _COOKIE as the first cookie, when we
+        * would need the last one (which is what this function then returns).
+        *
+        * @param       string          The cookie ID
+        * @return      string          The value stored in the cookie
+        */
+       protected function getCookie($cookieName) {
+               if (isset($_SERVER['HTTP_COOKIE'])) {
+                       $cookies = t3lib_div::trimExplode(';', $_SERVER['HTTP_COOKIE']);
+                       foreach ($cookies as $cookie) {
+                               list ($name, $value) = split('=', $cookie);
+                               if ($name == $cookieName) {
+                                       // Use the last one
+                                       $cookieValue = stripslashes($value);
+                               }
+                       }
+               } else {
+                       // Fallback if there is no HTTP_COOKIE, use original method:
+                       $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
+               }
+               return $cookieValue;
+       }
+
+       /**
         * Determine whether a session cookie needs to be set (lifetime=0)
         *
         * @return      boolean