@matzesa opened this Issue on February 26th 2020

After logging in, the MATOMO_SESSID cookie is changed via the HTTP header Set-Cookie and an expires directive is added. But the format of the value is Unix time instead of a date (https://tools.ietf.org/html/rfc6265#section-4.1)

Example (Version 3.13.3):

Set-Cookie: MATOMO_SESSID=380lf4cjmaenc605u73dgklnq9; expires=1583920346; path=/; secure; httponly; SameSite=Lax

Found the following code line, perhaps it helps, but did not inspect deeper:
https://github.com/matomo-org/matomo/blob/35467f54cd3e1dae889d88ae4f80d4626f9127ed/core/Session.php#L210

Here it seems to be converted:
https://github.com/matomo-org/matomo/blob/35467f54cd3e1dae889d88ae4f80d4626f9127ed/core/Cookie.php#L155

@tsteur commented on February 26th 2020 Member

Thanks @matzesa, very appreciated.

@dev-101 commented on February 26th 2020

Is this the cause of the Matomo session lasting for a few hours only? Ever since upgrading to the latest version 3.13.3 on one site, I always get the login screen, even with the remember me option checked. What have you done wrong this time? :)

@Findus23 commented on February 27th 2020 Member

@adegans commented on February 27th 2020

For me too, 'remember me' doesn't work either.
But, it's not so much the checkbox as the session that's broken I think.

I tried logging out and then back in to sort of set a new login hash/id/thing - In case an old session or whatever was lingering around.
But as soon as I close the tab and load Matomo again I have to log in again.
So probably a session/cookie issue.
Worked fine in 3.13.2 (or whatever the version before was)

@benkuper commented on February 27th 2020

Same here, is there a workaround that we can do in the meantime?

@Findus23 commented on February 28th 2020 Member

@benkuper
You can in the meantime try to apply this change from #15633 and report back if it works for you:


diff --git a/core/Session.php b/core/Session.php
index f2f984d357e..dd5b1229d70 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -222,7 +222,7 @@ public static function writeCookie($name, $value, $expires = 0, $path = '/', $do
     {
         $headerStr = 'Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value);
         if ($expires) {
-            $headerStr .= '; expires=' . $expires;
+            $headerStr .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';
         }
         if ($path) {
             $headerStr .= '; path=' . $path;
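
Review bot: the format string on the added line, 'D, d-M-Y H:i:s', separates day, month and year with hyphens, whereas the server-side grammar in RFC 6265 section 4.1.1 (sane-cookie-date, an rfc1123-date) uses spaces, as in "Wed, 11 Mar 2020 09:52:26 GMT". Suggest gmdate('D, d M Y H:i:s', $expires) . ' GMT' so the header matches the RFC the issue cites rather than relying on lenient client parsing. A one-line comment that $expires is a Unix timestamp would also help, since the default of 0 in the signature does not say so.
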
@benkuper commented on February 28th 2020

Thanks @Findus23, it seems to do the job!
I have just tested by closing the browser and going back, but at least this works. This should definitely be integrated in next version :)

This Issue was closed on March 2nd 2020
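
The check below is an added example, not code from Matomo or from anyone in this thread. It audits the expires attribute of a Set-Cookie header the way RFC 6265 describes it: section 5.1.1 gives the lenient date parser user agents apply, and section 5.2.1 says an expires value that fails to parse is ignored, which leaves a non-persistent (session) cookie. The function names and the sample headers are constructed for illustration.

```python
import re
from datetime import datetime, timezone

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# Shape a server should send: sane-cookie-date = rfc1123-date (RFC 6265, 4.1.1).
SANE = re.compile(r"[A-Z][a-z]{2}, \d{2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2} GMT")
# Token delimiters of the user-agent date parser (RFC 6265, 5.1.1).
DELIM = re.compile(r"[\x09\x20-\x2f\x3b-\x40\x5b-\x60\x7b-\x7e]+")

def parse_cookie_date(value):
    """Lenient user-agent parse: UTC datetime, or None if the date is rejected."""
    time = day = month = year = None
    for tok in filter(None, DELIM.split(value)):
        hms = re.match(r"(\d{1,2}):(\d{1,2}):(\d{1,2})(?!\d)", tok)
        dom = re.match(r"(\d{1,2})(?!\d)", tok)
        yr = re.match(r"(\d{2,4})(?!\d)", tok)
        if time is None and hms:
            time = tuple(int(g) for g in hms.groups())
        elif day is None and dom:
            day = int(dom.group(1))
        elif month is None and tok[:3].lower() in MONTHS:
            month = MONTHS.index(tok[:3].lower()) + 1
        elif year is None and yr:
            year = int(yr.group(1))
    if None in (time, day, month, year):
        return None
    year += 1900 if 70 <= year <= 99 else 2000 if year <= 69 else 0
    try:  # datetime rejects out-of-range fields (hour > 23, day 31 in April, ...)
        return datetime(year, month, day, *time, tzinfo=timezone.utc) if year >= 1601 else None
    except ValueError:
        return None

def audit_set_cookie(header):
    """Classify the expires attribute of one Set-Cookie header line."""
    for attr in header.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "expires":
            if parse_cookie_date(value) is None:
                return "ignored"  # attribute dropped: cookie is session-only
            return "ok" if SANE.fullmatch(value) else "lenient-only"
    return "no-expires"

# Constructed headers: the issue's value, the patch's format, and rfc1123-date.
SAMPLES = ("Set-Cookie: MATOMO_SESSID=x; expires=1583920346; path=/; secure",
           "Set-Cookie: MATOMO_SESSID=x; expires=Wed, 11-Mar-2020 09:52:26 GMT; path=/",
           "Set-Cookie: MATOMO_SESSID=x; expires=Wed, 11 Mar 2020 09:52:26 GMT; path=/")
if __name__ == "__main__":
    for header in SAMPLES:
        print(audit_set_cookie(header), "<-", header)
```

Running it over captured response headers after an upgrade flags any cookie whose expires value a browser would silently drop.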