Project

General

Profile

Actions

Bug #29730

closed

transfer a session with FE_SESSION_KEY

Added by tobi no-lastname-given about 13 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-09-13
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

If you use the FE_SESSION_KEY the sessionid is written in $_COOKIE[$this->fe_user->name] (tslib_fe::initFEuser()). Later in the workflow the skript looks for the sessionid in $_SERVER['HTTP_COOKIE'] (t3lib_userauth::getCookie()). But the sessionid was stored in $_COOKIE.

Here is my fixed version of tslib_fe::initFEuser():
function initFEuser() {
$this->fe_user = t3lib_div::makeInstance('tslib_feUserAuth');

$this->fe_user->lockIP = $this->TYPO3_CONF_VARS['FE']['lockIP'];
$this->fe_user->checkPid = $this->TYPO3_CONF_VARS['FE']['checkFeUserPid'];
$this->fe_user->lifetime = intval($this->TYPO3_CONF_VARS['FE']['lifetime']);
$this->fe_user->checkPid_value = $GLOBALS['TYPO3_DB']->cleanIntList(t3lib_div::_GP('pid')); // List of pid's acceptable
// Check if a session is transferred:
if (t3lib_div::_GP('FE_SESSION_KEY')) {
$fe_sParts = explode('-',t3lib_div::_GP('FE_SESSION_KEY'));
if (!strcmp(md5($fe_sParts[0].'/'.$this->TYPO3_CONF_VARS['SYS']['encryptionKey']), $fe_sParts[1])) { // If the session key hash check is OK:
if (isset($_SERVER['HTTP_COOKIE'])) {
$lastCookie = null;
$cookies = t3lib_div::trimExplode(';', $_SERVER['HTTP_COOKIE']);
foreach ($cookies as $cookie) {
list ($name, $value) = t3lib_div::trimExplode('=', $cookie);
if (strcmp(trim($name), $this->fe_user->name) == 0) {
// Use the last one
$lastCookie = $cookie;
}
}
if($lastCookie) {
$_SERVER['HTTP_COOKIE'] = str_replace($lastCookie ,$this->fe_user->name .'='. $fe_sParts[0], $_SERVER['HTTP_COOKIE']);
} else {
$_SERVER['HTTP_COOKIE'] .= ';' . $this->fe_user->name .'='. $fe_sParts[0];
}
}
$_COOKIE[$this->fe_user->name] = $fe_sParts[0];
$this->fe_user->forceSetCookie = 1;
}
}
}

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #27740: FE session transfer is brokenClosedDmitry Dulepov2011-06-28

Actions
Actions

Also available in: Atom PDF