From: Nicole Cordes Date: Mon, 10 Mar 2014 15:21:29 +0000 (+0100) Subject: [BUGFIX] Multiple Set-Cookie headers for deleting FE cookie X-Git-Tag: TYPO3_6-2-0beta7~142 X-Git-Url: http://git.typo3.org/Packages/TYPO3.CMS.git/commitdiff_plain/e84e675b63c3d37aeadd9d006a05c9cd6a149979?ds=sidebyside [BUGFIX] Multiple Set-Cookie headers for deleting FE cookie In the current master every time when removeCookie is triggered a Set-Cookie header is generated. A cookie should only be deleted if it was set before. As removeCookie can handle different cookie names, the check is performed before calling removeCookie function. Resolves: #56733 Releases: 6.2 Change-Id: I518220ce2def8d9db901b1e8daa87de745317629 Reviewed-on: https://review.typo3.org/28227 Reviewed-by: Alexander Opitz Tested-by: Alexander Opitz Reviewed-by: Oliver Klee Reviewed-by: Jigal van Hemert Tested-by: Jigal van Hemert --- diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php index eb8dae324f9a..a0afd0aa286b 100644 --- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php +++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php @@ -413,7 +413,7 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract // Remove session-data $this->removeSessionData(); // Remove cookie if not logged in as the session data is removed as well - if (empty($this->user['uid'])) { + if (empty($this->user['uid']) && $this->isCookieSet()) { $this->removeCookie($this->name); } } elseif ($this->sessionDataTimestamp === NULL) { @@ -459,7 +459,9 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract public function logoff() { parent::logoff(); // Remove the cookie on log-off - $this->removeCookie($this->name); + if ($this->isCookieSet()) { + $this->removeCookie($this->name); + } } /**