Remember Me cookie deleted on logout from backend

The support for Joomla 2.5 ended on December 31, 2014. Possible bugs in Joomla 2.5 will not be patched anymore. This forum has been closed. Please update your website to Joomla 3.x

Moderator: ooffick

Forum rules
Please use the official Bug Tracker to report a bug: https://issues.joomla.org
-Dimi-
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Sep 14, 2014 10:42 pm

Remember Me cookie deleted on logout from backend

Postby -Dimi- » Sun Sep 14, 2014 11:10 pm

Hi,

I noticed that everytime I did some administrative tasks and logged out from backend, the next time I restarted the browser my session was gone and I wasn't logged in automatically on frontend.

After looking at the cookies of the page, I could see that on logout from backend the Remember Me cookie (valid for one year) was also deleted with that. This is because the same logout method is used for backend and frontend.
I found this method in the file "libraries/joomla/application/application.php", where the cookie deletion is done after the execution of "onUserLogout" event.
Imho there is missing a check from where the logout method was called.
If you have a look at the methods in the file "plugins/system/logout/logout.php" or at "plugins/system/remember/remember.php" you'll see that this kind of check is done there.

For now I've added the check to the logout method in application.php:

Code: Select all

      if ($this->isSite()) {
           // Use domain and path set in config for cookie if it exists.
           $cookie_domain = $this->getCfg('cookie_domain', '');
           $cookie_path = $this->getCfg('cookie_path', '/');
           setcookie(self::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
      }

and I would suggest to take this change into Joomla! core. What do you think?

Return to “Joomla! 2.5 Bug Reporting”

Who is online

Users browsing this forum: No registered users and 2 guests