
"Remember me" is not setting an expiration date and time for session cookies in MODX 3.0

Open SnowCreative opened this issue 1 year ago • 3 comments

Bug report

Summary

The "remember me" checkbox in MODX 3.0 has no effect.

Step to reproduce

Set "session_cookie_lifetime" to a long number, like 604800 (one week). Check off "Remember Me", log in, then quit your browser. Come back after that time, and go to the manager.

Observed behavior

You don't get automatically logged in. I checked the session cookie info and no expiration date and time are set. Checking the cookie for 2.8 sites shows the expiration date and time do get set.

Environment

MODX 3.0.4.

SnowCreative avatar Feb 04 '24 18:02 SnowCreative

This issue has been mentioned on MODX Community. There might be relevant details there:

https://community.modx.com/t/restricting-front-end-session-time/7486/9

modxcommunity avatar Feb 04 '24 18:02 modxcommunity

The problem seems to be here in the code:

https://github.com/modxcms/revolution/blob/73bfd2712427f46d9f32730b86f335fbe3296703/core/src/Revolution/Processors/Security/Login.php#L56

$this->getProperty('rememberme') returns a value of "1" when the checkbox "Keep me logged in ..." is checked on log in. With the triple equal sign comparison operator (===), "rememberme" is always false.

halftrainedharry avatar Feb 04 '24 19:02 halftrainedharry

Yes, changing that to double equal sign does the trick.

SnowCreative avatar Feb 04 '24 19:02 SnowCreative
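
The comparison discussed in this thread, as an added illustration (not MODX code and not written by any participant): PHP delivers form values as strings, so a strict comparison of "1" against a non-string never matches and the login falls back to a lifetime of 0, which produces a cookie without an expiry. The function names and the boolean right-hand side are assumptions; the thread only says that === is used.

```php
<?php
// Added illustration, not MODX code. All function names are hypothetical.

/** Strict comparison as described in the thread. */
function rememberStrict(array $props): bool
{
    // Assumption: the right-hand side is boolean true; the thread only says "===".
    // A posted checkbox arrives as the string "1", so this never matches.
    return ($props['rememberme'] ?? null) === true;
}

/** Normalise the posted value to a real boolean before deciding. */
function rememberNormalised(array $props): bool
{
    // FILTER_VALIDATE_BOOLEAN maps "1", "true", "on" and "yes" to true
    // and everything else (missing, empty, unexpected strings) to false.
    return filter_var($props['rememberme'] ?? false, FILTER_VALIDATE_BOOLEAN);
}

/** A lifetime of 0 yields a browser-session cookie with no expiry set. */
function cookieLifetime(bool $remember, int $configured): int
{
    return $remember ? $configured : 0;
}

$configured = 604800; // session_cookie_lifetime value from the report (one week)

// Constructed inputs: what a login form could post.
$samples = [
    'checked'    => ['rememberme' => '1'],
    'unchecked'  => [],
    'unexpected' => ['rememberme' => 'abc'],
];

foreach ($samples as $label => $props) {
    printf(
        "%-10s strict lifetime=%d  normalised lifetime=%d\n",
        $label,
        cookieLifetime(rememberStrict($props), $configured),
        cookieLifetime(rememberNormalised($props), $configured)
    );
}
```

Normalising once at the input boundary keeps the later check type-safe and gives unexpected values the same result as an unchecked box.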