MODX 3: Manager login not possible with anonymous_sessions = No

[halftrainedharry]

Bug report

Summary

When the system setting anonymous_sessions is set to No, it's no longer possible to log in to the MODX manager (when the cookies are cleared beforehand).

Step to reproduce

In MODX 3, set the system setting anonymous_sessions to No. Clear the browser cookies. Then try to log in to the manager.

Observed behavior

Sending the login form, just reloads the page.

In MODX 2.x this is not the case, but I couldn't figure out what the difference between the versions is. When you log in, the "security/login" processor gets executed and a redirect happens. In MODX 2.x $_COOKIE has content after the redirect, in MODX 3 $_COOKIE is still empty.

https://github.com/modxcms/revolution/blob/69a7d6d14f84151ced04a552678657456c05b9cc/core/src/Revolution/modX.php#L2793

Environment

MODX 3.0.3

[rthrash]

This issue has been mentioned on MODX Community. There might be relevant details there:

https://community.modx.com/t/login-fails-silently-seems-to-be-a-session-problem/6654/7

[Jako]

This was discussed long before: https://github.com/modxcms/revolution/issues/12983#issuecomment-219218179

[JoshuaLuckers]

@Jako so this is expected behavior in 3.x?

[Jako]

The setting was meant as a context setting in 2.x. I don't see any important change between 3.x and 2.x other than the setcookie version check.