From: Nicole Cordes <typo3@cordes.co>
Date: Mon, 10 Mar 2014 15:21:29 +0000 (+0100)
Subject: [BUGFIX] Multiple Set-Cookie headers for deleting FE cookie
X-Git-Tag: TYPO3_6-2-0beta7~142
X-Git-Url: http://git.typo3.org/Packages/TYPO3.CMS.git/commitdiff_plain/e84e675b63c3d37aeadd9d006a05c9cd6a149979?ds=sidebyside

[BUGFIX] Multiple Set-Cookie headers for deleting FE cookie

In the current master every time when removeCookie is triggered a
Set-Cookie header is generated. A cookie should only be deleted if it
was set before. As removeCookie can handle different cookie names, the
check is performed before calling removeCookie function.

Resolves: #56733
Releases: 6.2
Change-Id: I518220ce2def8d9db901b1e8daa87de745317629
Reviewed-on: https://review.typo3.org/28227
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Oliver Klee
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
---

diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index eb8dae324f9a..a0afd0aa286b 100644
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
@@ -413,7 +413,7 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
 				// Remove session-data
 				$this->removeSessionData();
 				// Remove cookie if not logged in as the session data is removed as well
-				if (empty($this->user['uid'])) {
+				if (empty($this->user['uid']) && $this->isCookieSet()) {
 					$this->removeCookie($this->name);
 				}
 			} elseif ($this->sessionDataTimestamp === NULL) {
@@ -459,7 +459,9 @@ class FrontendUserAuthentication extends \TYPO3\CMS\Core\Authentication\Abstract
 	public function logoff() {
 		parent::logoff();
 		// Remove the cookie on log-off
-		$this->removeCookie($this->name);
+		if ($this->isCookieSet()) {
+			$this->removeCookie($this->name);
+		}
 	}
 
 	/**