Skip to content
Permalink
Browse files

[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled

  • Loading branch information...
dhensby authored and Damian Mooyman committed Jul 25, 2016
1 parent 83e3302 commit fa7f5af8618a83c865b11fd6cc981ad9661046e6
Showing with 4 additions and 2 deletions.
  1. +4 −2 security/Member.php
@@ -484,7 +484,8 @@ public function logIn($remember = false) {
$this->addVisit();
if($remember) {
// Only set the cookie if autologin is enabled
if($remember && Security::config()->autologin_enabled) {
// Store the hash and give the client the cookie with the token.
$generator = new RandomGenerator();
$token = $generator->randomToken('sha1');
@@ -567,7 +568,8 @@ public static function autoLogin() {
// Don't bother trying this multiple times
self::$_already_tried_to_auto_log_in = true;
if(strpos(Cookie::get('alc_enc'), ':') === false
if(!Security::config()->autologin_enabled
|| strpos(Cookie::get('alc_enc'), ':') === false
|| Session::get("loggedInAs")
|| !Security::database_is_ready()
) {

0 comments on commit fa7f5af

Please sign in to comment.
You can’t perform that action at this time.