Bug #51964
closed
FE lifetime is ignored when anonymous user
0%
Description
Despite the fact that I've defined a lifetime greater than 0 via the install tool, cookies are always set as session cookies.
Permalogin setting changes nothing, since it's for a cookie without a user connected.
Seems to be related to #21433.
Function "FrontendUserAuthentication->isRefreshTimeBasedCookie" is used but I think that the function "AbstractUserAuthentication->isRefreshTimeBasedCookie" should be used instead when user is not connected.
In "isRefreshTimeBasedCookie" at line 214, if I delete "$this->user['ses_permanent']" everything is fine.
Updated by Gerrit Code Review about 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/32967
Updated by Helmut Hummel about 10 years ago
- Status changed from Under Review to Needs Feedback
Thanks for the report.
I understand the potential need of different cookie lifetimes for anonymous sessions. This, however, is not a feature that is implemented.
What is implemented is perma*login* which means different cookie lifetimes for authenticated sessions.
I checked the behavior on 6.2 and master and it works like expected/implemented:
Anonymous sessions always set session cookies. Once a user logs in, a new cookie is set with the specified lifetime.
If the above behavior is broken in 6.1, we can fix it, but we cannot just re-declare the perma*login* feature to also work for anonymous sessions as it may break expectations of other users which rely on the current behavior.
Updated by Markus Klein about 10 years ago
- Status changed from Needs Feedback to Closed