Bug #60264
closed
felogin permalogin not working with typo3 6.2.x -> cookie expires with session
Added by Jan Schreier almost 10 years ago.
Updated over 5 years ago.
Description
Since Typo3 6.2.x there is a new value in the login process called:
dontSetCookie
This is set to TRUE by default in frontend\classes\Authentication\FrontendUserAuthentication.php
and verified in AbstractUserAuthentication.php
theoretically
dontSetCookie
should be set to "false" during the login process but it is apparently not the case resulting in the cookie set for login expire with the session.
Hi Jan,
what did you configure to enable permalogin?
What is set in the Install Tool for FE-cookies?
hi Markus,
I got:
'FE' => array(
'activateContentAdapter' => '0',
'checkFeUserPid' => '1',
'compressionLevel' => '5',
'cookieDomain' => '',
'cookieName' => 'mydomain_typo_user',
'disableNoCacheParameter' => '0',
'lifetime' => '60480000',
'lockIP' => '0',
'loginSecurityLevel' => 'normal',
'pageNotFoundOnCHashError' => '0',
'permalogin' => '1',
),
and
'SYS' => array ('cookieDomain' => '.mydomain.de',)
I also encounter the same issue.
I saw the TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie() method is explicitly called from TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::createUserSession(). I understand this is done because of the definition of dontSetCookie to TRUE in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::__construct(). This way the session cookie is always set, because the setSessionCookie method always determine that the cookie is for the session in this case, as the user is not yet defined.
On workaround would be to call setSessionCookie another time in FrontendUserAuthentication::createUserSession if permanent login is requested. This way, the not session cookie will also be defined.
It may be a better approach to set only one cookie. For this, in FrontendUserAuthentication::createUserSession, to instruction order must be reversed. AS there is a return value in the call to AbstractUserAuthentication::createUserSession, it must be saved and returned after.
I am doing some more tests.
As a workaround, I have changed the method FrontendUserAuthentication::createUserSession to
$this->setSessionCookie();
$data = parent::createUserSession($tempuser);
if ($data['ses_permanent']) $this->dontSetCookie = FALSE;
return $data;
in my source. I should override it outside.
I had the same problem with the permalogin. The solution mentioned above by Pierrick worked fine for me and I pushed it to Gerrit.
https://review.typo3.org/#/c/31607/
The status of the ticket did not change. Is this correct?
- Status changed from New to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/31754
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
I think its still buggy.
I got here a fresh install of 6.2.7 and want to to a login in the context of my extension.
So i call:
$GLOBALS['TSFE']->fe_user->createUserSession
But this doesnt create a cookie because in line 125 of FrontendUserAuthentication.php
$this->dontSetCookie = TRUE;
Line 266 in FrontendUserAuthentication.php in does not seems to be effective... Something might be broken since the last patch...
$this->dontSetCookie = FALSE;
Workaround
Clearly it helps to remove line 125, But i realy dont know what i do there :)
Thank you for your help.
Your workaround looks much better but its still a workaround.
There have to be something wrong in the FrontendUserAuthentication.php
There is nothing wrong. The behaviour is totally fine.
Calling createUserSession() does not mean that a cookie needs to be placed in all cases. e.g. when there's no data in the session.
The core is now really working well and avoids FE cookies whenever possible.
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by