"Remember Me" checkbox on Log in Does not Work


I had a user file a complaint on my site that unchecking the box in front of "Remember me" during log in does nothing.
If you don't explicitly sign out, you are still logged in when you open the browser the next day.
 
I've verified that this occurs on this site as well.
 
While I frankly don't care, that box is not working as the description implies and I have to address this user's concern.

Status: Fixed
Version: 3.4.2
Fixed In: 3.4.3


28 Comments

Updating Status to: Confirmed - General

-

This could compromise privacy. Should be fixed asap.

    • media and Snice like this

Agree with Axel, this is a blocker for upgrading to 3.4.2.

3.4.1 also has this bug, so if you are on version 3.4.1 this isn't a reason not to upgrade to 3.4.2.

When will it be fixed? Or does anyone have an idea how to fix it?

This could compromise privacy. Should be fixed asap.

++

Updating Status to: Working - In Progress

-

Updating Status to: Confirmed - General



The issue here is in publicSessions::_updateMemberSession() line 710

 

we set the member_id cookie as sticky

IPSCookie::set( "member_id", self::$data_store['member_id'], 1 );

we also do similar in _createMemberSession() on line 999. This needs to reflect the remember me choice but this is only available during the login process.

Marcher Technologies
Jan 29 2013 10:24 PM

Save/update the preference on login (and I mean to the database).

Return it to the ipsconnect slaves on 'cookies', and have them, if possible/present, send it on 'login'.

I am having to make assumptions I do not like because of the same issue in WordPress, please do better. :smile:

Updating Status to: Confirmed - General

And in this case, when we are talking about this, I would strongly recommend UNcheck this by default.

I agree it should be unchecked by default. The user should make the conscious decision and click to be remembered.

    • Axel Wers likes this
Updating Status to: Working - In Progress

-
Updating Fixed In to: 3.4.3
Updating Status to: Fixed

-
Updating Status to: Confirmed - General

This won't work, unfortunately; it only inverts the problem. The cookie is now set to the current time expiry date, so the user will always be logged out on their next visit. I'm not familiar with the changes made here as to why the cookie is getting reset at this point. If that is required, it seems to me that we'll need to store the remember me preference in the database so that we can set the cookie with the correct expiry date.

    • Marcher Technologies likes this
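
The approach proposed in the comments above (record the "Remember me" choice at login, then reuse it whenever the member_id cookie is re-issued) can be sketched as follows. This is an added example, not IP.Board's code or the shipped fix; the function names, the `remember_me` field and the one-year lifetime are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helper names, not IP.Board's API.
const REMEMBER_LIFETIME = 31536000; // assumed persistent lifetime: one year, in seconds

/**
 * Expiry timestamp for the member_id cookie.
 * 0 means a session cookie, which the browser drops when it closes.
 */
function memberCookieExpiry(bool $rememberMe, int $now): int
{
    return $rememberMe ? $now + REMEMBER_LIFETIME : 0;
}

/** At login: persist the checkbox state so later requests can read it. */
function onLogin(array &$sessionRow, int $memberId, bool $rememberMe): void
{
    $sessionRow['member_id']   = $memberId;
    $sessionRow['remember_me'] = $rememberMe ? 1 : 0;
}

/** On every later session refresh: reuse the stored choice, never a constant. */
function refreshCookie(array $sessionRow, int $now): array
{
    $remember = !empty($sessionRow['remember_me']);
    return [
        'name'     => 'member_id',
        'value'    => (string) $sessionRow['member_id'],
        'expires'  => memberCookieExpiry($remember, $now),
        'httponly' => true,
    ];
}

// Constructed sample data: one login per checkbox state.
$now = 1359500000;
foreach ([true, false] as $choice) {
    $row = []; // stands in for the stored session record
    onLogin($row, 42, $choice);
    $c = refreshCookie($row, $now);
    printf("remember=%s expires=%d (%s)\n",
        $choice ? 'yes' : 'no',
        $c['expires'],
        $c['expires'] === 0 ? 'session cookie' : 'persistent');
    // In a web request the cookie would then be sent with:
    // setcookie($c['name'], $c['value'], ['expires' => $c['expires'], 'httponly' => true]);
}
```

Browsers configured to restore the previous session can keep session cookies across restarts, so a server-side session timeout is still needed alongside the cookie expiry.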
Andy Badwool
Feb 07 2013 03:18 AM

What I'm wondering is... hasn't this always been working correctly in the past? How did it break?

This wasn't intentionally broken as you can imagine.  A fix for a different issue inadvertently caused this to break.

Yes, a lot of bugs have appeared because some others were fixed.

What I'm wondering is, why are you keeping the cookie when people click "Log out"? Can't you just fully remove the cookie when people use the "Log out" button? I can't see why you would let the cookie lie around there.

This bug doesn't actually have anything to do with logging out explicitly.

Hmm. 

 

Is that another bug then? Because on a staff forum we have on 3.4.2 this can happen: 

 

1. I explicitly log out

2. I am now logged out, I do an immediate refresh and I'm still logged out

3. I come back some hours later, logged in again :S

 

Which is... kinda critical when it's a staff forum, or really any forum. But in the start I thought it was me being crazy imagining things. 

That, IIRC, was a separate similar bug.

Ok, I've posted here: http://community.inv...sign-out-r40372

 

Please also note that Kessler has posted about a ticket for 3.4.2 on the issue, so I think you should take a look and comment over in that bug report. I'll see it if you reply there, thanks.

Updating Status to: Working - In Progress

-
Updating Fixed In to: 3.4.3
Updating Status to: Fixed

-

Sorry, but the error was not solved :(