login "remember me" is not functioning #3290

Closed
rallek opened this Issue Dec 11, 2016 · 9 comments


@rallek
Contributor
rallek commented Dec 11, 2016
Q | A
Zikula Version | 1.4.3 and 1.4.4
PHP Version | 5.5.30

Expected behavior

If I use the checkbox for remember me during login, I should be remembered.

Actual behavior

Next time I visit my page I have to log in again.

Steps to reproduce

Use the remember me function during login, close the browser window without logging out, and go to your website again. You are not logged in anymore.

It doesn't matter which setting I have in the security settings (tested medium and low).

@craigh craigh added this to the 1.4.5 milestone Dec 11, 2016
@rallek
Contributor
rallek commented Dec 17, 2016

I compared the behavior of the cookie. In 1.4.2 the lifetime of the cookie changes after login to the following:
[image]
But since 1.4.3 the behavior is different. Before I log in, the cookie looks as follows:
[image]
Valid until the end of the session. That is right. But after logging in it is unchanged. It doesn't matter whether I have the setting in the security settings at low or medium. And it doesn't matter whether I check the remember me function at login or not.

@rallek
Contributor
rallek commented Dec 22, 2016

Next observation: The _zsid cookie is marked as Sitzungscookie (session cookie). If I uncheck "session cookie" and add another date in the future, I am still logged in when leaving the site and coming back.

@rallek
Contributor
rallek commented Dec 26, 2016

Next observation: I have two similar sites; one is my live site with the URL mysite.tld and the other one is my testing site with the URL testing.mysite.tld.

For the testing site I had already manually unchecked the session cookie, but not for the live site. I now logged in to the live site and opened my testing site in another tab. I was not automatically logged in to my testing site anymore. I looked at the cookies and can see two _zsid cookies. The one from the live site was still a session cookie and the one for my testing site still has the longer valid time.

My conclusion: Both sites choose the same cookie with session is disabled.

There is something mixed up with the session handling. Maybe it is also the same root cause as for the language setting cookie.

@rallek rallek closed this Dec 26, 2016
@rallek rallek reopened this Dec 26, 2016
@Guite Guite modified the milestone: 1.4.5, 1.4.6 Dec 29, 2016
@Guite
Member
Guite commented Jan 3, 2017

Just a guess in the wild: @rallek please check in the SecurityCenter config page which value the settings Garbage collection probability and Periodically regenerate session id have. Maybe try changing the second one to false and see if this makes a difference.

@Guite
Member
Guite commented Jan 3, 2017

There is also a third setting probability of regeneration which may be relevant, too.

@rallek
Contributor
rallek commented Jan 3, 2017

Changed Periodically regenerate session id to false, but with no effect on the problem.

@Guite
Member
Guite commented Jan 3, 2017

Probably related:

http://symfony.com/doc/current/components/http_foundation/session_configuration.html#session-cookie-lifetime

We do not specify a cookie_lifetime anywhere in the core.

cc @craigh
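
A check for the symptom reported in this thread, as an added example that is not part of the original discussion or Zikula's code: it reads the `Set-Cookie` value for `_zsid` before and after a "remember me" login and reports whether the cookie stayed a session cookie. The header values, the timestamps and the 14-day lifetime are constructed; the function names are hypothetical.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def cookie_lifetime(set_cookie, now):
    """Return (name, seconds) for one Set-Cookie value.

    seconds is None for a session cookie, i.e. one that carries neither
    Max-Age nor Expires and is dropped when the browser closes.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")   # flags such as HttpOnly have no value
        attrs[key.strip().lower()] = value.strip()
    if "max-age" in attrs:                     # Max-Age takes precedence (RFC 6265)
        return name, int(attrs["max-age"])
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        return name, int((expires - now).total_seconds())
    return name, None


def check_remember_me(before_login, after_login, now):
    """Classify the cookie pair seen around a login with "remember me" ticked."""
    _, before = cookie_lifetime(before_login, now)
    _, after = cookie_lifetime(after_login, now)
    if before is not None:
        return "persistent-before-login"       # anonymous visitors should get a session cookie
    if after is None or after <= 0:
        return "not-remembered"                # the behaviour reported in this issue
    return "remembered"


# Constructed sample data, not captured from a real site.
NOW = datetime(2017, 1, 17, 10, 0, 0, tzinfo=timezone.utc)
BEFORE = "_zsid=constructed0001; path=/; HttpOnly"
AFTER_UNCHANGED = "_zsid=constructed0002; path=/; HttpOnly"
AFTER_PERSISTENT = ("_zsid=constructed0002; "
                    "expires=Tue, 31 Jan 2017 10:00:00 GMT; path=/; HttpOnly")

if __name__ == "__main__":
    print(check_remember_me(BEFORE, AFTER_UNCHANGED, NOW))
    print(check_remember_me(BEFORE, AFTER_PERSISTENT, NOW))
    print(cookie_lifetime(AFTER_PERSISTENT, NOW))
```
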

@craigh
Member
craigh commented Jan 16, 2017

Gültig bis = Date of Expiry
Am Ende der Sitzung = At the end of the session

@rallek
Contributor
rallek commented Jan 16, 2017

Correctly translated

@craigh craigh added a commit that referenced this issue Jan 17, 2017
@craigh craigh correct rememberme function. fixes #3290
finalize FC session storage closes #3329
85d1ea4
@craigh craigh closed this in #3391 Jan 17, 2017