From: Stefan Neufeind Date: Sun, 17 Aug 2014 23:07:47 +0000 (+0200) Subject: [BUGFIX] rsaauth: remove session-cookie when no longer used X-Git-Tag: TYPO3_8-1-0~34 X-Git-Url: http://git.typo3.org/Packages/TYPO3.CMS.git/commitdiff_plain/49bf0d8892630315fb29b0d36aab3c5abf96a6a8?ds=sidebyside [BUGFIX] rsaauth: remove session-cookie when no longer used When deleting the rsa key from the database we now remove the PHP cookie as well in order to keep the system cleaned up. Change-Id: I037deabf0a60e6ad785678b60424b3cc49af77b0 Resolves: #61016 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/32212 Reviewed-by: Mathias Schreiber Tested-by: Mathias Schreiber Tested-by: Stefan Neufeind Tested-by: Nicole Cordes Reviewed-by: Frank Naegler Tested-by: Frank Naegler --- diff --git a/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php b/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php index 1929addec6cc..8839ba83c986 100644 --- a/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php +++ b/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php @@ -79,6 +79,13 @@ class SplitStorage extends AbstractStorage if (MathUtility::canBeInterpretedAsInteger($keyId)) { $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId); unset($_SESSION['tx_rsaauth_key']); + if (empty($_SESSION)) { + $sessionName = session_name(); + $sessionCookie = session_get_cookie_params(); + session_destroy(); + // By using setcookie with the second parameter set to false we actually delete the cookie + setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']); + } } } else { // Add key