Do not refresh ACP session cookies

They are scoped as session cookies and thus live until the browser is closed
which is preferable compared to a dated expiry.

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index f9fd3530dee36676325143e1e9681a46ae0eb6b4..cf607bce923049625c8fe2fd509aa37281021a31 100644 (file)
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -408,7 +408,7 @@ final class SessionHandler extends SingletonFactory {
                ]);
                
                // Refresh cookie.
-               if ($this->user->userID) {
+               if ($this->user->userID && !$this->isACP) {
                        HeaderUtil::setCookie(($this->isACP ? 'acp' : 'user')."_session", $this->sessionID, TIME_NOW + 86400 * 14);
                }