[BUGFIX] Do not remove FE session cookie if fe_user is logged in 60/37160/4
authorMarkus Klein <klein.t3@reelworx.at>
Tue, 24 Feb 2015 11:48:14 +0000 (12:48 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 15 Mar 2015 21:00:46 +0000 (22:00 +0100)
We ensure that the session cookie is preserved when a user is logged in
and the fe_login_mode is set to "all".

Resolves: #65223
Releases: master, 6.2
Change-Id: Id9e9d56b90215f6e0d7310ff191ab4488a802bb0
Reviewed-on: http://review.typo3.org/37160
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Reviewed-by: Frank Nägler <typo3@naegler.net>
Reviewed-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Stephan Großberndt <stephan@grossberndt.de>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

index f2db9bc..260097a 100644 (file)
@@ -110,6 +110,11 @@ class FrontendUserAuthentication extends AbstractUserAuthentication {
        protected $sessionDataTimestamp = NULL;
 
        /**
+        * @var bool
+        */
+       protected $loginHidden = FALSE;
+
+       /**
         * Default constructor.
         */
        public function __construct() {
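Review bot: The docblock on the new `$loginHidden` property carries only `@var bool`, so a reader cannot tell what the flag means or who sets it. I would add a description such as `TRUE once hideActiveLogin() has cleared the user record; the session cookie must then be kept although $this->user is empty.` That makes the link between this flag and the cookie-removal check visible at the declaration.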
@@ -411,7 +416,7 @@ class FrontendUserAuthentication extends AbstractUserAuthentication {
                                // Remove session-data
                                $this->removeSessionData();
                                // Remove cookie if not logged in as the session data is removed as well
-                               if (empty($this->user['uid']) && $this->isCookieSet()) {
+                               if (empty($this->user['uid']) && !$this->loginHidden && $this->isCookieSet()) {
                                        $this->removeCookie($this->name);
                                }
                        } elseif ($this->sessionDataTimestamp === NULL) {
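Review bot: The comment above the changed condition still says the cookie is removed "if not logged in", but with `!$this->loginHidden` the cookie is now also kept when `$this->user` is empty only because the login was hidden. I would reword it to `// Remove cookie if no user is logged in (a hidden login still counts as logged in), as the session data is removed as well`. The cookie then deliberately outlives the removed session data, presumably because the login session itself still depends on it. That last part is inferred, since the enclosing method starts and ends outside this hunk.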
@@ -623,4 +628,17 @@ class FrontendUserAuthentication extends AbstractUserAuthentication {
                return $count;
        }
 
+       /**
+        * Hide the current login
+        *
+        * This is used by the fe_login_mode feature for pages.
+        * A current login is unset, but we remember that there has been one.
+        *
+        * @return void
+        */
+       public function hideActiveLogin() {
+               $this->user = NULL;
+               $this->loginHidden = TRUE;
+       }
+
 }
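Review bot: `hideActiveLogin()` sets `$loginHidden` to TRUE and nothing in the visible hunks ever sets it back, so for the rest of the request the cookie-removal check is skipped even if the session is ended later through another path (a logoff, for instance, which is not visible here). If that is intended, the docblock should say so, e.g. `The flag is never reset; the session cookie is kept for the remainder of the request.` Otherwise the code path that ends the session should clear the flag. The docblock could also state that the user record is discarded rather than stashed, so the login cannot be restored on this object.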
index 166f25a..9c41639 100644 (file)
@@ -1319,7 +1319,7 @@ class TypoScriptFrontendController {
                        if ($this->isUserOrGroupSet()) {
                                if ($this->loginAllowedInBranch_mode == 'all') {
                                        // Clear out user and group:
-                                       unset($this->fe_user->user);
+                                       $this->fe_user->hideActiveLogin();
                                        $this->gr_list = '0,-1';
                                } else {
                                        $this->gr_list = '0,-2';
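Review bot: The new call `$this->fe_user->hideActiveLogin()` requires `fe_user` to be an object that provides this method, whereas the old `unset()` made no such demand. If other code can substitute its own `fe_user` object (not visible here), this line becomes a fatal error. Separately, this branch resets only the user record and `gr_list`; any group information held on the `fe_user` object itself is not visibly cleared, so an access check reading it there could still see the hidden user's groups. A comment such as `// Hide the login but keep the session cookie; group state on fe_user is left untouched` would record that. The enclosing method starts and ends outside the hunk.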