Logout in Frontend creates not necessary cookies #54
Comments
|
If you think it is an upstream bug, feel free to report it to our GitHub tracker :) |
|
I guess this is now fixed by #57 - sorry I created the PR because my customer reported it, but I didn't look at the open issues before. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our customer found out, after logging out from TYPO3 frontend, two Cookies are set.
After searching inside the code, I recognized the hook, deleting the PhpMyAdmin cookie starts a new session and sends out the PHPSESSION and PhpMyAdmin cookie to the browser.
The class BeUserAuthLogOffHook should recognize, if the logout was sent from frontend or backend and should ignore logouts from frontend, because the hook $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] is called both in frointend and backend inside the AbstractUserAuthentication working with frontend and backend logins.
Since TYPO3 doesn't send cookies from v7 up, if they are not necessary, it would be fine, if other extensions do the same.
See: https://forge.typo3.org/issues/94362
The text was updated successfully, but these errors were encountered: