[BUGFIX] Session cookie is not recreated on login 26/29626/2
authorMarkus Klein <klein.t3@mfc-linz.at>
Wed, 23 Apr 2014 21:09:08 +0000 (23:09 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Mon, 28 Apr 2014 14:26:31 +0000 (16:26 +0200)
In case login data is submitted and there is an existing cookie/session
the current session is discarded and the current cookie is unset.
Subsequently the login data is processed and login succeeds and a
new session is established, but the new cookie is not set.

Fix this be correctly remembering that we need to set a new cookie,
after we disposed the current one.

Resolves: #57751
Releases: 6.2
Change-Id: I2e4b4a381b4e557aeb95c4186c6e5365dbea442a
Reviewed-on: https://review.typo3.org/29626
Reviewed-by: Fabien Udriot
Reviewed-by: Stefan Neufeind
Reviewed-by: Robbert V
Tested-by: Robbert V
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader

index 6a63001..05ed944 100644 (file)
@@ -706,6 +706,7 @@ abstract class AbstractUserAuthentication {
                                // Delete old user session if any
+                               $this->newSessionID = TRUE;
                        // Refuse login for _CLI users, if not processing a CLI request type
                        // (although we shouldn't be here in case of a CLI request type)