From 8ffd696b5c027ce0b82f3b247e976395e09129fa Mon Sep 17 00:00:00 2001
From: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Date: Mon, 18 Aug 2014 01:07:47 +0200
Subject: [PATCH] [BUGFIX] rsaauth: remove session-cookie when no longer used

When deleting the rsa key from the database we now remove the PHP cookie
as well in order to keep the system cleaned up.

Change-Id: I037deabf0a60e6ad785678b60424b3cc49af77b0
Resolves: #61016
Releases: master, 7.6
Reviewed-on: https://review.typo3.org/47901
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
---
 typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php b/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
index 1929addec6cc..8839ba83c986 100644
--- a/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
+++ b/typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
@@ -79,6 +79,13 @@ class SplitStorage extends AbstractStorage
             if (MathUtility::canBeInterpretedAsInteger($keyId)) {
                 $this->databaseConnection->exec_DELETEquery('tx_rsaauth_keys', 'uid=' . $keyId);
                 unset($_SESSION['tx_rsaauth_key']);
+                if (empty($_SESSION)) {
+                    $sessionName = session_name();
+                    $sessionCookie = session_get_cookie_params();
+                    session_destroy();
+                    // By using setcookie with the second parameter set to false we actually delete the cookie
+                    setcookie($sessionName, false, $sessionCookie['lifetime'], $sessionCookie['path'], $sessionCookie['domain'], $sessionCookie['secure']);
+                }
             }
         } else {
             // Add key
-- 
GitLab