I noticed that every time I did some administrative tasks and logged out from the backend, the next time I restarted the browser my session was gone and I wasn't logged in automatically on the frontend.
After looking at the cookies of the page, I could see that on logout from backend the Remember Me cookie (valid for one year) was also deleted with that. This is because the same logout method is used for backend and frontend.
I found this method in the file "libraries/joomla/application/application.php", where the cookie deletion is done after the execution of "onUserLogout" event.
IMHO a check of where the logout method was called from is missing.
If you have a look at the methods in the file "plugins/system/logout/logout.php" or at "plugins/system/remember/remember.php" you'll see that this kind of check is done there.
For now I've added the check to the logout method in application.php:
    if ($this->isSite()) {
        // Use domain and path set in config for cookie if it exists.
        $cookie_domain = $this->getCfg('cookie_domain', '');
        $cookie_path = $this->getCfg('cookie_path', '/');
        setcookie(self::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
    }