Project

General

Profile

Actions

Feature #77080

open

Make permanent anonymous fe_sessions working (set cookie with lifetime)

Added by Arek van Schaijk over 8 years ago. Updated over 4 years ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2016-07-13
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

I expect that my fe_typo_user session is permanent and my fe_session_data is available for the time configured in [FE][lifetime] and [FE][sessionDataLifetime]. [FE][sessionDataLifetime] describes: "Integer: positive. If >0, the session data will timeout and be removed after the number of seconds given (86400 seconds represents 24 hours)." which suggests this should be the case.

When you create fe_session_date like:

$GLOBALS['TSFE']->fe_user->setKey('ses', 'uniqueKey', 'test: '.time());
$GLOBALS['TSFE']->fe_user->storeSessionData();

It seems that there is a cookie set named "fe_typo_user" without a expiration date. So if you close your browser completely and return to the website the "fe_typo_user" cookie was destroyed.

This is because:
"\TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication->isRefreshTimeBasedCookie()" which is called by "AbstractUserAuthentication->setSessionCookie()" depends on $this->user for setting a expiration date on the cookie.

Can you guys please check/fix this one?

A simple workaround for now was to create a custom user (but didn't check if there were any complications).

$GLOBALS['TSFE']->fe_user->setKey('ses', 'uniqueKey', 'test: '.time());
$GLOBALS['TSFE']->fe_user->user = ['ses_permanent' => TRUE];
$GLOBALS['TSFE']->fe_user->storeSessionData();
Actions #1

Updated by Arek van Schaijk about 8 years ago

Any thoughts/updates?

Actions #2

Updated by Helmut Hummel about 8 years ago

  • Tracker changed from Bug to Feature

perma login (cookie with a dedicated lifetime) is only implemented for authenticated frontend sessions.

Implementing that for anonymous sessions, would be a feature that could go in an new minor version, but not in released versions.

When implementing that it would make sense to review the current fe-session handling regarding permalogin and maybe simplify the configuration.

Actions #3

Updated by Helmut Hummel about 8 years ago

  • Subject changed from Permanent fe_sessions are not working, fe_session_data lost, [FE][sessionDataLifetime] is ignored to Make permanent anonymous fe_sessions working (set cookie with lifetime)
Actions #4

Updated by Susanne Moog over 4 years ago

  • Category set to Authentication
Actions

Also available in: Atom PDF