Jump to:

23453 Posts in 18902 Topics by 2877 members

General Questions

SilverStripe Forums » General Questions » Does "Remember me next time?" expire?

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1665 Views
  • purplespider
    Avatar
    Community Member
    81 Posts

    Does "Remember me next time?" expire? Link to this post

    I run a site which has a members only section. I'm using the standard /Security/login page.

    I have a user reporting that they need to manually log in every time, even after ticking the "Remember me next time?" box.

    Before I tell him to clear his cookies etc, I was just wondering if someone could explain exactly how "Remember me next time?" works?

    Presumably it puts a cookie on the user's computer, does this cookie expire after a certain amount of time? Or does it allow the user to be logged in indefinitely, unless they manually log out?

    Many Thanks
    James

  • Willr
    Avatar
    Forum Moderator
    5497 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    Presumably it puts a cookie on the user's computer, does this cookie expire after a certain amount of time? Or does it allow the user to be logged in indefinitely, unless they manually log out?

    Yes it uses a cookie and by default it is set to 90 days. The relevant code if you're interested is in Member::logIn()

  • StuM
    Avatar
    Community Member
    56 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    This is broken in the latest 2.4, mine always worked until I upgraded to the latest a couple of weeks ago

  • purplespider
    Avatar
    Community Member
    81 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    Interesting, I'm on 2.4.1

  • bartvanirsel
    Avatar
    Community Member
    94 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    Hi,

    Is it posible to keep a user from being logged out when closing their brwser when they checked 'Remember me next time' in the loggin form?

  • codem
    Avatar
    Community Member
    6 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    I have clients calling me nonstop about this bug and this is the forum post that comes up in Google trying to track this down.

    It's documented in Trac:
    http://open.silverstripe.org/ticket/6646
    and over at github
    https://github.com/silverstripe/sapphire/commit/ef6432d6476cbd47d91f52128c1d76a976881f59

    Basically there is a typo in Member where the RememberLoginToken is updated correctly for that member on auto login, but the old token is written to the cookie again (the cookie value remains unchanged).

    The fix has been in place in trunk for 2 months (!) so I guess it's going to make it's way into 2.4.6 when it's released. If you can't wait that long then here is the patch:

    === modified file 'sapphire/security/Member.php'
    --- sapphire/security/Member.php 2011-05-10 06:57:10 +0000
    +++ sapphire/security/Member.php 2011-07-27 07:53:57 +0000
    @@ -399,7 +399,7 @@

    $generator = new RandomGenerator();
    $member->RememberLoginToken = $generator->generateHash('sha1');
    - Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, false, true);
    + Cookie::set('alc_enc', $member->ID . ':' . $member->RememberLoginToken, 90, null, null, false, true);

    $member->NumVisit++;
    $member->write();

    Hopefully this will help those like me who track this down via Google.

  • bartvanirsel
    Avatar
    Community Member
    94 Posts

    Re: Does "Remember me next time?" expire? Link to this post

    Great! Thank you!

    1665 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.