After upgrading in 4.4, Remember Me doesn't work

Saturday 12 March 2011 3:50:37 am

Hello again,

directly following my login problems after upgrading from 4.3 to 4.4 and my PHP Notice problem, I run into another issue : the RememberMe checkboxe doesn't work anymore after upgrade, I get disconnected SessionTimeout time has pased.

Here's the agregated [Session] configuration groupe from the site.ini file :

[Session]
RememberMeTimeout=604800
Handler=eZSessionHandlerDB
SessionTimeout=259200
ActivityTimeout=3600
ForceStart=disabled
SessionNameHandler=custom
SessionNamePrefix=eZSESSID
SessionNamePerSiteAccess=disabled

Here's the Remember Me checkbox code from the template :

<form method="post" action={"/user/login/"|ezurl} name="loginform">
   <div>
     <label for="id1">Login</label>
     <input class="input-text post" type="text" name="Login" id="id1" value="" />
   </div>
   <div>
     <label for="id2">Pass</label>
     <input type="password" name="Password" id="id2" value="" />
   </div>
   <div class="inline">
     <label for="id4">Remember Me</label>
     <input type="checkbox" name="Cookie" id="id4" />
     <input type="submit" name="LoginButton" value="Login" />
   </div>
</form>

Has the input name changed or something ?

Thanks in advance for your replies !

Benjamin

eZ Publish personal project : http://www.aeriesguard.com [fr]

Monday 14 March 2011 6:40:31 am

Hi Damien,

thanks for your reply.

I tried to switch the Handler back to default (sessions handled by PHP) but with no luck, I'm still logged out after 20 minutes.

I will try to change SessionNamePerSiteAcces but I kind of like cross siteaccess login for my site, it's more convenient...

eZ Publish personal project : http://www.aeriesguard.com [fr]

Monday 14 March 2011 8:56:54 am

I tried to disable SessionNamePerSiteAccess but again, I've been disconnected on either siteacces after 20 minutes of inactivity.

Since nothing is stored in the database anymore for the sessions, I'm planning on raising drastically the PHP session timeout to keep people logged in.

Thanks anyway for the help !

Edit :

Like I said before, I updated my php.ini to make it remember the sessions. here's the extract of the php.ini file about Session :

[Session]
session.save_handler = files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
>> session.cookie_lifetime = 604800
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_divisor     = 100
>> session.gc_maxlifetime = 259200
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4

Now the user are remembered, even if they left the "Remember Me" checkbox unchecked, I should remove it to avoid confusion. Or even better, leave it checked and disabled to show users that they are indeed remembered.

That solve the initial problem but at a functional costs.

Do you think it was a bad idea to mess with the PHp session lifetime or not ?

eZ Publish personal project : http://www.aeriesguard.com [fr]