'Remember me' not working because cookie expire is in wrong format #15625
Comments
|
Thanks @matzesa very appreciated. |
|
Is this the cause of Matomo session lasting for few hours only? Ever since upgrading to the latest version 3.13.3 on one site, I always get login screen, even with remember me option checked. What have you done wrong this time? :) |
|
Same is reported in https://forum.matomo.org/t/remember-me-not-working-since-update/36233 |
Findus23
added
the
Regression
|
For me to 'remember me' doesn't work either. I tried logging out and then back in to sort of set a new login hash/id/thing - In case an old session or whatever was lingering around. |
|
Same here, is there a workaround that we can do in the meantime ? |
|
@benkuper diff --git a/core/Session.php b/core/Session.php
index f2f984d357e..dd5b1229d70 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -222,7 +222,7 @@ public static function writeCookie($name, $value, $expires = 0, $path = '/', $do
{
$headerStr = 'Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value);
if ($expires) {
- $headerStr .= '; expires=' . $expires;
+ $headerStr .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';
}
if ($path) {
$headerStr .= '; path=' . $path; |
|
Thanks @Findus23 , it seems to do the job ! |
* Fix session expire fixes #15625 * adds some tests
mattab
changed the title
mattab
added
Regression
mattab
changed the title
* Fix session expire fixes matomo-org#15625 * adds some tests
* Fix session expire fixes matomo-org#15625 * adds some tests
|
I am running Matomo v4.1.1 and still seeing the old, erroneous epoch time expiration values in the cookie. If I understand this issue and the linked PR correctly, this problem got fixed and integrated back in the 3.x line. How could it be that I'm still seeing this behavior? Anyone else still having the problem? |
|
Have you tried to sign-out and sign-in? This step was required to complete the fix iirc. But, I guess you already tried that. So far, no issues here since the original fix. |
|
Sorry, I just realized that I am in fact seeing the proper date string, not the old unix time string, and I even see that the date is updated on every refresh within the same session. Currently the expiry time reads "2021-07-31T10:10:33.600Z", but regardless, I still get logged out. Not sure what the problem could be. I've tried logging out, etc. It's as if the cookie just isn't being read / respected. |
|
Maybe session file on your server gets removed for some reason. Don't know what could be the problem. |
|
False alarm. I've played with this further, and now everything is working as expected. I don't know exactly what made the difference, but perhaps I hadn't fully / properly tested by logging out, quitting the browser and restarting before. All good now. |
|
To get some better picture, I am facing the same issue and upon some investigation, I've seen that it our instance never stores session files on the disk, but rather appears to have a |
|
@nebulade Matomo switched to using database sessions instead of files a while ago. So the table should hold all login sessions. |
|
Thanks for the clarification @sgiehl ! |
After logging in the MATOMO_SESSID Cookie is changed via the http header set-cookie and an expires directive is added. But the format of the value is unixtime instead of date (https://tools.ietf.org/html/rfc6265#section-4.1)
Example (Version 3.13.3):
Found the following code line, perhaps it helps, but did not inspect deeper:
matomo/core/Session.php
Line 210 in 35467f5
Here it seems to be converted:
matomo/core/Cookie.php
Line 155 in 35467f5
The text was updated successfully, but these errors were encountered: