Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login form sometimes submits to CoreHome so must be more lenient in check for form_rememberme. #13333

Merged
merged 1 commit into from Aug 28, 2018
Merged

Login form sometimes submits to CoreHome so must be more lenient in check for form_rememberme. #13333

merged 1 commit into from Aug 28, 2018

Conversation

diosmosis
Copy link
Member

@diosmosis diosmosis added the Needs Review PRs that need a code review label Aug 22, 2018
@diosmosis diosmosis added this to the 3.6.0 milestone Aug 22, 2018
tsteur
tsteur reviewed Aug 22, 2018
View reviewed changes
plugins/Login/Login.php
@@ -65,7 +65,7 @@ private function shouldHandleRememberMe()
{
$module = Common::getRequestVar('module', false);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite sure I understand shouldHandleRememberMe. Shouldn't remember me be always handled? there could be also maybe a login form when opening multi sites etc?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the sessions PR we had a discussion about whether it would be possible for someone to add form_rememberme to a URL and have it extend the session for the user, and this was a way to mitigate it. Basically, if we're detecting a POST by the login form, then we check form_rememberme & change the session time (because if it's not set, then we want it to end with the browser session).

@mattab mattab merged commit c16d18e into 3.x-dev Aug 28, 2018
@mattab mattab added the answered For when a question was asked and we referred to forum or answered it. label Aug 28, 2018
InfinityVoid pushed a commit to InfinityVoid/matomo that referenced this pull request Oct 11, 2018
@diosmosis @InfinityVoid
Login form sometimes submits to CoreHome so must be more lenient in c…
1befc9b 
…heck for form_rememberme. (matomo-org#13333)
@diosmosis diosmosis deleted the form-remember-me branch November 4, 2018 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur left review comments

Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it. Needs Review PRs that need a code review
Projects
None yet
Milestone
3.6.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@diosmosis @tsteur @mattab