Work-around for login w/o cookie support involving witchcraft
authorAlexander Ebert <ebert@woltlab.com>
Wed, 1 Jul 2015 21:44:59 +0000 (23:44 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 1 Jul 2015 21:44:59 +0000 (23:44 +0200)
wcfsetup/install/files/lib/form/LoginForm.class.php

index 0aa592bc9d75dbe136e95e7783c67a8d373b6635..c05acff16f0fde79764bc51145bf8fb7fb990e38 100644 (file)
@@ -64,6 +64,8 @@ class LoginForm extends \wcf\acp\form\LoginForm {
                        UserAuthenticationFactory::getInstance()->getUserAuthentication()->storeAccessData($this->user, $this->username, $this->password);
                }
                
+               $oldSessionID = WCF::getSession()->sessionID;
+               
                // change user
                WCF::getSession()->changeUser($this->user);
                
@@ -71,6 +73,20 @@ class LoginForm extends \wcf\acp\form\LoginForm {
                $this->checkURL();
                $this->saved();
                
+               if (isset($_REQUEST['s']) && $_REQUEST['s'] == $oldSessionID && $oldSessionID != WCF::getSession()->sessionID) {
+                       // force instant redirect to avoid issues with non-cookie login and the already defined SID_ARG_* constants
+                       if (preg_match('~[?&]s=[a-f0-9]{40}~i', $this->url)) {
+                               $this->url = preg_replace('~([?&])s=[a-f0-9]{40}~i', '$1s=' . WCF::getSession()->sessionID, $this->url);
+                       }
+                       else {
+                               $this->url .= (mb_strpos($this->url, '?') === false) ? '?' : '&';
+                               $this->url .= 's=' . WCF::getSession()->sessionID;
+                       }
+                       
+                       HeaderUtil::redirect($this->url);
+                       exit;
+               }
+               
                // redirect to url
                WCF::getTPL()->assign('__hideUserMenu', true);
                HeaderUtil::delayedRedirect($this->url, WCF::getLanguage()->get('wcf.user.login.redirect'));
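Review bot: The freshly issued, authenticated session ID is written into `$this->url` and sent through `HeaderUtil::redirect()`, but nothing in this hunk checks that the URL still points at this application. `checkURL()` is defined outside the hunk, so confirm that it rejects external or caller-supplied hosts; otherwise the new session ID is handed to that host, so rewrite only same-origin URLs and fall back to the default landing page for the rest. The guard `$_REQUEST['s'] == $oldSessionID` compares a request value with a session token loosely; prefer `is_string($_REQUEST['s']) && $_REQUEST['s'] === $oldSessionID`. The `else` branch also appends `?s=…` after any `#fragment` already in the URL, in which case the parameter never reaches the server. The enclosing method starts and ends outside the hunk.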