[BUGFIX] rsaauth: remove session-cookie when no longer used

When deleting the rsa key from the database we now remove the PHP cookie as well in order to keep the system cleaned up. Change-Id: I037deabf0a60e6ad785678b60424b3cc49af77b0 Resolves: #61016 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/47901 Reviewed-by: Frank Naegler <frank.naegler@typo3.org> Tested-by: Frank Naegler <frank.naegler@typo3.org>

[BUGFIX] rsaauth: remove session-cookie when no longer used
When deleting the rsa key from the database we now remove the PHP cookie as well in order to keep the system cleaned up. Change-Id: I037deabf0a60e6ad785678b60424b3cc49af77b0 Resolves: #61016 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/47901 Reviewed-by: Frank Naegler <frank.naegler@typo3.org> Tested-by: Frank Naegler <frank.naegler@typo3.org>
8ffd696b · Stefan Neufeind · Frank Naegler · c9167e20 · 8ffd696b
Commit 8ffd696b authored 10 years ago by Stefan Neufeind Committed by Frank Naegler 8 years ago
--- a/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
+++ b/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
@@ -79,6 +79,13 @@ class SplitStorage extends AbstractStorage
            if (MathUtility::canBeInterpretedAsInteger($keyId)) {
                $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
                unset($_SESSION['tx_rsaauth_key']);
+                if (empty($_SESSION)) {
+                    $sessionName = session_name();
+                    $sessionCookie = session_get_cookie_params();
+                    session_destroy();
+                    // By using setcookie with the second parameter set to false we actually delete the cookie
+                    setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']);
+                }
            }
        } else {
            // Add key