[BUGFIX] Multiple Set-Cookie headers for deleting FE cookie

In the current master every time when removeCookie is triggered a
Set-Cookie header is generated. A cookie should only be deleted if it
was set before. As removeCookie can handle different cookie names, the
check is performed before calling removeCookie function.

Resolves: #56733
Releases: 6.2
Change-Id: I518220ce2def8d9db901b1e8daa87de745317629
Reviewed-on: https://review.typo3.org/28227
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Oliver Klee
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert

diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index eb8dae3..a0afd0a 100644 (file)
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
@@ -413,7 +413,7 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
                                // Remove session-data
                                $this->removeSessionData();
                                // Remove cookie if not logged in as the session data is removed as well
-                               if (empty($this->user['uid'])) {
+                               if (empty($this->user['uid']) && $this->isCookieSet()) {
                                        $this->removeCookie($this->name);
                                }
                        } elseif ($this->sessionDataTimestamp === NULL) {
@@ -459,7 +459,9 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
        public function logoff() {
                parent::logoff();
                // Remove the cookie on log-off
-               $this->removeCookie($this->name);
+               if ($this->isCookieSet()) {
+                       $this->removeCookie($this->name);
+               }
        }
 
        /**