Logout in Frontend creates not necessary cookies
Opened this issue · 2 comments
Our customer found out, after logging out from TYPO3 frontend, two Cookies are set.
After searching inside the code, I recognized the hook, deleting the PhpMyAdmin cookie starts a new session and sends out the PHPSESSION and PhpMyAdmin cookie to the browser.
The class BeUserAuthLogOffHook should recognize, if the logout was sent from frontend or backend and should ignore logouts from frontend, because the hook $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] is called both in frointend and backend inside the AbstractUserAuthentication working with frontend and backend logins.
Since TYPO3 doesn't send cookies from v7 up, if they are not necessary, it would be fine, if other extensions do the same.
If you think it is an upstream bug, feel free to report it to our GitHub tracker :)