Project

General

Profile

Actions

Bug #51964

closed

FE lifetime is ignored when anonymous user

Added by Pierre Boivin about 11 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Frontend
Target version:
-
Start date:
2013-09-12
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.1
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Despite the fact, that i've defined a lifetime greater than 0 via the install tool, cookies are always set as session cookies.

Permalogin setting change nothing since, it's for a cookie without a user connected.

Seems to be related to #21433.

Function "FrontendUserAuthentication->isRefreshTimeBasedCookie" is used but I think that the function "AbstractUserAuthentication->isRefreshTimeBasedCookie" should be used instead when user is not connected.

In "isRefreshTimeBasedCookie" at line 214, if I delete "$this->user['ses_permanent']" everything is fine.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #21433: FE lifetime is ignoredClosed2010-08-11

Actions
Actions #1

Updated by Gerrit Code Review about 10 years ago

  • Status changed from New to Under Review

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32967

Actions #2

Updated by Helmut Hummel about 10 years ago

  • Status changed from Under Review to Needs Feedback

Thanks for the report.

I understand the potential need of different cookie lifetimes for anoymous sessions. This however not a feature that is implemented.

What is implemented is perma*login* which means different cookie lifetimes for authenticated sessions.

I checked the behavior on 6.2 and master and it works like expected/implemented:
Anonymous sessions always set session cookies. Once a user logs in an new cookie is set with the specified lifetime.

If the above behavior is broken in 6.1, we can fix it, but we cannot just re-declare the perma*login* feature to also work for anonymous sessions as it may break expectations of other users which rely on the current behavior.

Actions #3

Updated by Pierre Boivin about 10 years ago

It's fine for me

Actions #4

Updated by Markus Klein about 10 years ago

  • Status changed from Needs Feedback to Closed
Actions

Also available in: Atom PDF