In the current master every time when removeCookie is triggered a
Set-Cookie header is generated. A cookie should only be deleted if it
was set before. As removeCookie can handle different cookie names, the
check is performed before calling removeCookie function.
Resolves: #56733
Releases: 6.2
Change-Id: I518220ce2def8d9db901b1e8daa87de745317629
Reviewed-on: https://review.typo3.org/28227
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Oliver Klee
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
// Remove session-data
$this->removeSessionData();
// Remove cookie if not logged in as the session data is removed as well
- if (empty($this->user['uid'])) {
+ if (empty($this->user['uid']) && $this->isCookieSet()) {
$this->removeCookie($this->name);
}
} elseif ($this->sessionDataTimestamp === NULL) {
public function logoff() {
parent::logoff();
// Remove the cookie on log-off
- $this->removeCookie($this->name);
+ if ($this->isCookieSet()) {
+ $this->removeCookie($this->name);
+ }
}
/**