Bug #51964
closed
FE lifetime is ignored when anonymous user
0%
Description
Despite the fact, that i've defined a lifetime greater than 0 via the install tool, cookies are always set as session cookies.
Permalogin setting change nothing since, it's for a cookie without a user connected.
Seems to be related to #21433.
Function "FrontendUserAuthentication->isRefreshTimeBasedCookie" is used but I think that the function "AbstractUserAuthentication->isRefreshTimeBasedCookie" should be used instead when user is not connected.
In "isRefreshTimeBasedCookie" at line 214, if I delete "$this->user['ses_permanent']" everything is fine.
Updated by Gerrit Code Review over 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32967
Updated by Helmut Hummel over 9 years ago
- Status changed from Under Review to Needs Feedback
Thanks for the report.
I understand the potential need of different cookie lifetimes for anoymous sessions. This however not a feature that is implemented.
What is implemented is perma*login* which means different cookie lifetimes for authenticated sessions.
I checked the behavior on 6.2 and master and it works like expected/implemented:
Anonymous sessions always set session cookies. Once a user logs in an new cookie is set with the specified lifetime.
If the above behavior is broken in 6.1, we can fix it, but we cannot just re-declare the perma*login* feature to also work for anonymous sessions as it may break expectations of other users which rely on the current behavior.
Updated by
Updated by Markus Klein over 9 years ago
- Status changed from Needs Feedback to Closed