--- t3lib/class.t3lib_userauth.php.orig 2009-07-03 21:36:57.000000000 +0200
+++ t3lib/class.t3lib_userauth.php 2010-02-10 12:49:14.000000000 +0100
@@ -212,7 +212,7 @@
 $mode = '';
 $this->newSessionID = FALSE;
 // $id is set to ses_id if cookie is present. Else set to false, which will start a new session
- $id = isset($_COOKIE[$this->name]) ? stripslashes($_COOKIE[$this->name]) : '';
+ $id = $this->getCookie($this->name);
 $this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);
 $this->svConfig = $TYPO3_CONF_VARS['SVCONF']['auth'];
@@ -326,6 +326,35 @@
 }
 /**
+ * Get a specific cookie.
+ *
+ * Use HTTP_COOKIE, if available, to avoid a IE8 bug where multiple
+ * cookies with the same name might be returned if the user accessed
+ * the site without "www." first and switched to "www." later:
+ * Cookie: fe_typo_user=AAA; fe_typo_user=BBB
+ * In this case PHP will set _COOKIE as the first cookie, when we
+ * would need the last one (which is what this function then does).
+ *
+ * @param string The cookie ID
+ * @return string The value stored in the cookie
+ */
+ function getCookie($cookieName) {
+ if (isset($_SERVER['HTTP_COOKIE'])) {
+ $cookies = t3lib_div::trimExplode(';', $_SERVER['HTTP_COOKIE']);
+ foreach ($cookies as $cookie) {
+ list ($name, $value) = split('=', $cookie);
+ if ($name == $cookieName) {
+ // Use the last one
+ $cookieValue = stripslashes($value);
+ }
+ }
+ } else {
+ $cookieValue = isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
+ }
+ return $cookieValue;
+ }
+
+ /**
 * Determine whether there's an according session record to a given session_id
 * in the database. Don't care if session record is still valid or not.
 *
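Review bot: `$cookieValue` is never assigned when `$_SERVER['HTTP_COOKIE']` is set but holds no cookie named `$cookieName`, so the new `getCookie()` returns an undefined variable (NULL plus a notice) where the line replaced in the first hunk returned `''`; initialise it with `$cookieValue = '';` before the `if`. In the loop, `split('=', $cookie)` treats its first argument as a regular expression (the function is deprecated as of PHP 5.3) and cuts off any value that itself contains `=`; `list($name, $value) = explode('=', $cookie, 2);` keeps the whole value, and a pair without `=` should be skipped so `$value` is not left unset. The value now comes from the raw request header without the URL-decoding PHP applies when it fills `$_COOKIE`, and which duplicate arrives last is decided by the client, so the docblock should say that the result is untrusted and must be checked against the expected session-id format before the session lookup, which happens outside this hunk.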