Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Does "Remember me next time?" expire?


Go to End


7 Posts   3254 Views

Avatar
purplespider

Community Member, 89 Posts

16 January 2011 at 12:24am

I run a site which has a members only section. I'm using the standard /Security/login page.

I have a user reporting that they need to manually log in every time, even after ticking the "Remember me next time?" box.

Before I tell him to clear his cookies etc, I was just wondering if someone could explain exactly how "Remember me next time?" works?

Presumably it puts a cookie on the user's computer, does this cookie expire after a certain amount of time? Or does it allow the user to be logged in indefinitely, unless they manually log out?

Many Thanks
James

Avatar
Willr

Forum Moderator, 5523 Posts

18 January 2011 at 5:14pm

Presumably it puts a cookie on the user's computer, does this cookie expire after a certain amount of time? Or does it allow the user to be logged in indefinitely, unless they manually log out?

Yes it uses a cookie and by default it is set to 90 days. The relevant code if you're interested is in Member::logIn()

Avatar
StuM

Community Member, 59 Posts

27 January 2011 at 11:59am

Edited: 29/01/2011 10:40am

This is broken in the latest 2.4, mine always worked until I upgraded to the latest a couple of weeks ago

Avatar
purplespider

Community Member, 89 Posts

27 January 2011 at 11:22pm

Interesting, I'm on 2.4.1

Avatar
bartvanirsel

Community Member, 96 Posts

9 May 2011 at 9:22pm

Hi,

Is it posible to keep a user from being logged out when closing their brwser when they checked 'Remember me next time' in the loggin form?

Avatar
codem

Community Member, 6 Posts

27 July 2011 at 8:08pm

I have clients calling me nonstop about this bug and this is the forum post that comes up in Google trying to track this down.

It's documented in Trac:
http://open.silverstripe.org/ticket/6646
and over at github
https://github.com/silverstripe/sapphire/commit/ef6432d6476cbd47d91f52128c1d76a976881f59

Basically there is a typo in Member where the RememberLoginToken is updated correctly for that member on auto login, but the old token is written to the cookie again (the cookie value remains unchanged).

The fix has been in place in trunk for 2 months (!) so I guess it's going to make it's way into 2.4.6 when it's released. If you can't wait that long then here is the patch:

=== modified file 'sapphire/security/Member.php'
--- sapphire/security/Member.php 2011-05-10 06:57:10 +0000
+++ sapphire/security/Member.php 2011-07-27 07:53:57 +0000
@@ -399,7 +399,7 @@

$generator = new RandomGenerator();
$member->RememberLoginToken = $generator->generateHash('sha1');
- Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, false, true);
+ Cookie::set('alc_enc', $member->ID . ':' . $member->RememberLoginToken, 90, null, null, false, true);

$member->NumVisit++;
$member->write();

Hopefully this will help those like me who track this down via Google.

Avatar
bartvanirsel

Community Member, 96 Posts

27 July 2011 at 8:18pm

Great! Thank you!