Bug #60264
closed
felogin permalogin not working with typo3 6.2.x -> cookie expires with session
100%
Description
Since TYPO3 6.2.x there is a new value in the login process called dontSetCookie.
This is set to TRUE by default in frontend\classes\Authentication\FrontendUserAuthentication.php and verified in AbstractUserAuthentication.php.
Theoretically, dontSetCookie should be set to "false" during the login process, but it is apparently not the case, resulting in the cookie set for login expiring with the session.
Updated by Markus Klein over 10 years ago
Hi Jan,
what did you configure to enable permalogin?
What is set in the Install Tool for FE-cookies?
Updated by Jan Schreier over 10 years ago
Hi Markus,
I got:
    'FE' => array(
        'activateContentAdapter' => '0',
        'checkFeUserPid' => '1',
        'compressionLevel' => '5',
        'cookieDomain' => '',
        'cookieName' => 'mydomain_typo_user',
        'disableNoCacheParameter' => '0',
        'lifetime' => '60480000',
        'lockIP' => '0',
        'loginSecurityLevel' => 'normal',
        'pageNotFoundOnCHashError' => '0',
        'permalogin' => '1',
    ),
and
    'SYS' => array ('cookieDomain' => '.mydomain.de',)
Updated by Pierrick Caillon over 10 years ago
I also encounter the same issue.
I saw the TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie() method is explicitly called from TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::createUserSession(). I understand this is done because of the definition of dontSetCookie to TRUE in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::__construct(). This way the session cookie is always set, because the setSessionCookie method always determines that the cookie is for the session in this case, as the user is not yet defined.
One workaround would be to call setSessionCookie another time in FrontendUserAuthentication::createUserSession if permanent login is requested. This way, the non-session cookie will also be defined.
It may be a better approach to set only one cookie. For this, in FrontendUserAuthentication::createUserSession, the instruction order must be reversed. As there is a return value in the call to AbstractUserAuthentication::createUserSession, it must be saved and returned afterwards.
I am doing some more tests.
Updated by Pierrick Caillon over 10 years ago
As a workaround, I have changed the method FrontendUserAuthentication::createUserSession to
    $this->setSessionCookie();
    $data = parent::createUserSession($tempuser);
    if ($data['ses_permanent']) $this->dontSetCookie = FALSE;
    return $data;
in my source. I should override it outside.
Updated by Gernot Schulmeister over 10 years ago
I had the same problem with the permalogin. The solution mentioned above by Pierrick worked fine for me and I pushed it to Gerrit.
https://review.typo3.org/#/c/31607/
The status of the ticket did not change. Is this correct?
Updated by Markus Klein over 10 years ago
- Status changed from New to Under Review
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/31754
Updated by Gernot Schulmeister over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 74857fb0e4cb259b6cc8dabf8aced3e3679a2384.
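An added check for the symptom this issue describes, not code from the thread or from TYPO3: it parses the Set-Cookie headers of a login response and reports whether the frontend cookie is session-only or persistent. The cookie name is taken from the configuration posted above; the header values, the clock and the one-day threshold are constructed for the example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cookie_lifetime(set_cookie, now):
    """Parse one Set-Cookie header value.

    Returns (name, seconds). seconds is None for a session cookie (neither
    Max-Age nor Expires), otherwise the remaining lifetime relative to now.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    if "max-age" in attrs:  # RFC 6265: Max-Age takes precedence over Expires
        return name, int(attrs["max-age"])
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        return name, int((expires - now).total_seconds())
    return name, None

def check_permalogin(headers, cookie_name, min_lifetime, now):
    """Classify the login cookie; if it is set more than once, the last header wins."""
    verdict = "missing"
    for header in headers:
        name, seconds = cookie_lifetime(header, now)
        if name != cookie_name:
            continue
        if seconds is None:
            verdict = "session-only"  # the behaviour reported in this issue
        elif seconds < min_lifetime:
            verdict = "too-short"
        else:
            verdict = "persistent"
    return verdict

# Constructed sample data, not captured from a real site.
NOW = datetime(2014, 7, 20, 12, 0, 0, tzinfo=timezone.utc)
COOKIE = "mydomain_typo_user"  # cookieName from the configuration in this thread
BROKEN = [COOKIE + "=0123abcd; path=/; domain=.mydomain.de; HttpOnly"]
FIXED = [COOKIE + "=0123abcd; expires=Mon, 20 Jul 2015 12:00:00 GMT; "
         "path=/; domain=.mydomain.de; HttpOnly"]

if __name__ == "__main__":
    for label, headers in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_permalogin(headers, COOKIE, 86400, NOW))
```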
Updated by Andre Michels about 10 years ago
I think it's still buggy.
I got here a fresh install of 6.2.7 and want to do a login in the context of my extension.
So I call:
$GLOBALS['TSFE']->fe_user->createUserSession
But this doesn't create a cookie because in line 125 of FrontendUserAuthentication.php
$this->dontSetCookie = TRUE;
Line 266 in FrontendUserAuthentication.php does not seem to be effective... Something might be broken since the last patch...
$this->dontSetCookie = FALSE;
Workaround
Clearly it helps to remove line 125, but I really don't know what I do there :)
Updated by Markus Klein about 10 years ago
@Andre: First, 6.2.7 is fairly old already again. ~80 new bugfixes are in 6.2.9 now.
Your problem is not a bug in the core, but you're using (as many others as well) internal core API.
All you need to do after your call to $GLOBALS['TSFE']->fe_user->createUserSession is to set some dummy data to the user session.
See also my fix for onetimeaccount:
https://git.typo3.org/TYPO3CMS/Extensions/onetimeaccount.git/blobdiff/b9bca530b155bb10d68ce3bef614db7d158b1bc3..d9dd642338ea8cc00de0cc422d2cd6bc0d219cad:/pi1/class.tx_onetimeaccount_pi1.php
Updated by Andre Michels about 10 years ago
Thank you for your help.
Your workaround looks much better but it's still a workaround.
There has to be something wrong in the FrontendUserAuthentication.php.
Updated by Markus Klein about 10 years ago
There is nothing wrong. The behaviour is totally fine.
Calling createUserSession() does not mean that a cookie needs to be placed in all cases. e.g. when there's no data in the session.
The core is now really working well and avoids FE cookies whenever possible.
Updated by Mirko grothe almost 10 years ago
sorry, wrong bug
( https://forge.typo3.org/issues/62194 )