Bug #16355 See Comments

“Remember Me” functionality broken in 2.2.1

Version: EE 2.2.1 Reporter: Bjørn Børresen

Hi guys,

we’re having some issues with the “Remember Me” functionality after 2.2.1. I know this has been reported before (http://ellislab.com/forums/viewthread/195115/) and that a feature request was suggested. I’d like to report this as a bug though.

This is functionality that worked as expected prior to the release of 2.2.1. Checking “Remember Me” would set a cookie in your browser and you wouldn’t have to log in for a certain period of time. You could visit your favorite website at home and at work, and the remember me functionality would work as expected.

After 2.2.1 it does not work as expected. I don’t think anyone expects a remember me feature to invalidate the cookies set in your other browsers when you’re using it in a new browser. That’s what currently happens - use remember me and it will log you out everywhere else.

How to reproduce
================
1. Log in w/firefox. Log in w/chrome. You’ve got two sessions working fine in each browser.
2. Delete the entries in your exp_sessions table so that it will have to fall back on the cookie.
3. Refresh your browsers and notice that only the last login works (the other cookie has been invalidated)

If you try the above on an EE install prior to 2.2.1 it will work as expected - that is, it will fall back to the cookie in both browsers and you’ll still be logged in both places.

To conclude, this functionality has gone from working as expected to producing unexpected behavior. So, in my opinion this is a bug that should be fixed.

“planespotter” has some good ideas in his FR here: http://ellislab.com/forums/viewthread/195348/
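
The behaviour in the reproduction steps above, modelled as an added example (not ExpressionEngine's code and not part of the original report): a store that keeps a single remember-me token per member locks out the earlier browser, while a store with one row per issued cookie keeps both browsers logged in. The class names, the SHA-256 token hashing and the 14-day lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

def _digest(token):
    # Store only a hash so a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

class SingleTokenStore:
    """Hypothetical model: one remember-me token per member."""
    def __init__(self):
        self._by_member = {}

    def issue(self, member_id):
        token = secrets.token_urlsafe(32)
        self._by_member[member_id] = _digest(token)  # replaces the other browser's token
        return token

    def validate(self, member_id, token):
        stored = self._by_member.get(member_id)
        return stored is not None and hmac.compare_digest(stored, _digest(token))

class PerDeviceTokenStore:
    """Hypothetical model: one row per issued cookie, each with its own expiry."""
    def __init__(self, ttl_seconds=14 * 24 * 3600):  # constructed lifetime
        self._rows = {}  # token digest -> (member_id, expires_at)
        self._ttl = ttl_seconds

    def issue(self, member_id, now=None):
        token = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self._rows[_digest(token)] = (member_id, now + self._ttl)
        return token

    def validate(self, member_id, token, now=None):
        now = time.time() if now is None else now
        row = self._rows.get(_digest(token))
        return row is not None and row[0] == member_id and row[1] > now

    def revoke_all(self, member_id):
        # Password change or "log out everywhere": drop every device at once.
        self._rows = {d: r for d, r in self._rows.items() if r[0] != member_id}

def reproduce(store, member_id=1):
    firefox = store.issue(member_id)  # step 1: log in with Firefox
    chrome = store.issue(member_id)   # step 1: log in with Chrome
    # Steps 2-3: session rows are gone, so only the cookies are checked.
    return store.validate(member_id, firefox), store.validate(member_id, chrome)
```

`reproduce()` returns the login state of (Firefox, Chrome) after the session table has been emptied, so the two stores can be compared directly.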

  • This is also broken in v2.2.2 - Build: date 20110801

    MediaGirl Inc.
    17th August, 2011 at 1:08pm
  • Any fix that we can hack in ourselves?

    MediaGirl Inc.
    04th September, 2011 at 12:09am
  • This workaround works: http://ellislab.com/forums/viewthread/195115/#919183

    If you’re familiar with patch files you can run this: http://pastebin.com/sze8jb0L

    Bjørn Børresen
    04th September, 2011 at 6:09am
  • Posting to be notified.

    haggis
    30th September, 2011 at 1:09pm
  • This still isn’t working correctly for 2.3.1. Is this getting fixed? I recently upgraded from 1.6.8 to 2.3.1 and am getting many, many complaints from my users.

    Jim F
    15th January, 2012 at 11:01am
  • Pretty sure this isn’t working as expected for most of our users, based on twitter feedback. Running 2.4. Posting here to be notified.

    Ryan Masuga
    29th February, 2012 at 3:02pm
  • posting to be notified… Running 2.4.

    joann22
    26th March, 2012 at 8:03pm
  • Any word on this fix?

    Running 2.4.

    LucasHibbard
    03rd April, 2012 at 3:04pm
  • So, this was reported in 2.2.1 in August 2011, it was assigned, and it was apparently fixed, but the “when” of that isn’t clear here. There is also no “official” hotfix or patch listed here so those of us not scared to fix this stuff manually can benefit and repair our site(s). We have no idea when this fix is going to be available. Can you confirm that Bjorn’s workaround/patch from September 4, 2011 is viable?

    Ryan Masuga
    28th April, 2012 at 1:04pm
  • This is a major problem. I was able to patch 2.3.1 to get things working but the section was rewritten.

    Why are users assigned different Remember Me id’s across IPs and browsers? It seems to me a single remember me code associated with a single user makes sense as long as the same login and password are used.

    EE Version: 2.4, build 20120123
    Is MSM installed? Yes
    Linux/Windows Host? Linux
    CP Session Type: Cookies
    User Session Type: Cookies
    Allow multiple logins? Yes
    Require IP for login? yes
    Cookie Domain: .mysitedomain.com
    Cookie Path: none
    Cookie Prefix:
    Choose: Happens to (all/some) users (consistently/sometimes). Some/sometimes. This is particularly a problem for Blackberry users.
    Have you experienced the issue yourself? Yes, constantly.
    Client OS (name and version): various
    Client Browser (name and version): various

    Again, this is a significant issue for usability. A person should be able to select “keep me logged in” and should be able to be logged in.

    Jim F
    03rd May, 2012 at 9:05am
  • mdesign, I can confirm that I still have the problem on your site as well. FYI, the Bjorn patch will not work as EE completely redid the code for 2.4 and made the process even more restrictive than it was in 2.3.1 (and below).

    With the proliferation of mobile devices, not being able to stay logged in is a real annoyance for users.

    Jim F
    03rd May, 2012 at 9:05am
  • Sigh, posting to be notified.

    Ben Lilley
    03rd May, 2012 at 5:05pm
  • Also posting to be notified, comment from EL on this would be nice too, it’s not a minor bug

    mojacreative
    07th May, 2012 at 9:05am
  • Definitely frustrating, hopefully the team finally corrects it!

    encryptdesigns
    08th May, 2012 at 10:05am
  • This Remember Me functionality is still broken in V2.5.

    Pascal, can you please comment on the progress of this bug? It was reported on 08/10/2011 and is a huge pain in the ass!

    Anna

    MediaGirl Inc.
    18th May, 2012 at 12:05pm
  • Hey everyone,

    First, sorry that we had this marked as “Fixed”, it’s clearly not (although we thought it was at the time). We are also experiencing this very same bug and it annoys us as much as it annoys you. And as much as you don’t want to hear “we’re looking into this”, that’s what we’re doing. We have a plan on how to fix this and we’re planning on testing out the fix soon enough. Once there’s more to report, I will let you know here.

    Wes

    Wes Baker
    18th May, 2012 at 3:05pm
  • Wes,

    You know I never get logged out of the EE site. Perhaps I have an old cookie or something.

    Thank you for the update.

    Anna

    MediaGirl Inc.
    18th May, 2012 at 3:05pm
  • Wes,

    Any update on this bug? It’s almost a year old at this point and no update since your post in middle May…

    Thank you in advance, Anna

    MediaGirl Inc.
    06th August, 2012 at 1:08pm
  • Hi Anna,

    I’m unable to reproduce using Bjørn’s steps, are you able to reproduce it that way? If not, it’s likely a different issue. Do you happen to have reproducible steps we could follow to help us fix this?

    Thanks! Kevin

    Kevin Cupp
    16th August, 2012 at 12:08pm
  • I can confirm not being able to reproduce this, must’ve been fixed recently I guess?

    Bjørn Børresen
    16th August, 2012 at 1:08pm
  • I’m still logged in to both control panels after using Bjorn’s steps. So different issue.

    I don’t have reproducible steps except this… login then wait until the next day and you will be logged out.

    My current project is on EngineHosting servers with the latest version of EE. Almost every day when I start work I have to log back into the control panel after logging in the previous day and selecting “Remember Me”. I’m working on the server, not locally. I don’t know what’s different about the days when it does stick but that doesn’t happen often. Most days I have to re-log in. My login at Devot-ee and ExpressionEngine sometimes stick, other times they don’t. I just checked both sites and I’m still logged in. But I bought software on Devot-ee last week and I had to login.

    This bug started last fall when I was working on a project last September… so whatever version was out then was where the issue started for me. Every project I’ve worked on since has had the issue of Remember Me sticking overnight. I’ve never had to login again on the same day. Note, I leave my computer on overnight and rarely close my browser. I will close the project tabs sometimes but not always. In both cases I have to relog in. Happy to screen share with you so you can check things on my end.

    Most of my projects are on EngineHosting or Site5 servers.

    Anna

    MediaGirl Inc.
    16th August, 2012 at 6:08pm
  • I’ve also had a couple recent projects on a MediaTemple VPS that don’t stick.

    Anna

    MediaGirl Inc.
    16th August, 2012 at 6:08pm
  • Also, all my projects are set to Cookies Only for both CP and User sessions.

    MediaGirl Inc.
    16th August, 2012 at 6:08pm
  • Thank you, Anna. I’ll test this over the next few days using what you’ve described and see what I can find out.

    Kevin Cupp
    16th August, 2012 at 9:08pm
  • I’m just starting to dig into this as we only recently upgraded to 2.5.1, but I’m getting reports from my users of the “keep me logged in” option not working. Like Anna, we are set to Cookies Only for both CP and User sessions.

    Adam Christianson
    09th September, 2012 at 10:09am
  • I’m running 2.5.3 with MSM and forums and I also continuously get complaints that “keep me logged in” and “remember me” aren’t working at all. Users have to log in every single time to my site. Is there some light coming or are we waiting 1+ years still?

    Riverboy
    29th November, 2012 at 3:11am
  • Following.

    Cartegraph
    29th November, 2012 at 1:11pm
  • Same problem here, running 2.5.3, getting logged out every day…very annoying!

    avroo
    06th December, 2012 at 8:12am
  • this is the bug that won’t die. posting to be notified.

    srevoal
    07th December, 2012 at 3:12pm
  • Ya I have a client that is very upset over this due to the amount of complaints he’s received from his users. Posting to be notified on this as well. ugh.

    design132
    20th December, 2012 at 5:12pm
  • Kevin,

    Can we get an update on progress made with this Remember Me bug? We’re going on a year and a half almost with this bug being in existence. If it can’t be fixed by the internal team, may I suggest offering a bounty to the first EE developer who can fix it? 10 free EE licenses can be the bounty… or cash. It’s time to get it fixed.

    Anna

    MediaGirl Inc.
    20th December, 2012 at 5:12pm
  • Couldn’t agree more. Honestly surprised no one is selling a “patch”.

    Cartegraph
    20th December, 2012 at 7:12pm
  • Sorry to bump this. I realize it’s only been a year and a half… but is there any progress on this? Surely this won’t be ignored… or will it?

    design132
    28th December, 2012 at 2:12pm
  • The status of this ticket needs to be updated to something other than “See comments”

    Bjørn Børresen
    11th March, 2013 at 8:03am
  • Posting to be notified… I keep getting a lot of angry emails from my users, but it seems that Ellislab doesn’t have the time or knowledge to fix its own product?

    Riverboy
    29th March, 2013 at 7:03am
  • We have at least four sites where this is still an issue. Posting to be notifi…oh wait. I’ve already commented on this one roughly a year ago. le sigh

    Ryan Masuga
    09th April, 2013 at 2:04pm
  • Can this be fixed please? Lots of customers are complaining about this non-working basic-functionality.

    amimpact
    09th July, 2013 at 8:07am
  • The auto-login feature doesn’t work at all. I tried to follow the default member area’s ‘auto-login’ but it is also not working. I am surprised. This doesn’t work in 2.2.1, and I tested with the newer version 2.6.1; it is not working there either. I am going to use $_COOKIES of PHP to handle this. Hope this serves my purpose. :(

    Abhilekha
    30th September, 2013 at 6:09am
  • Abhilekha, remember me should be fixed as of the 2.6.0 release. If you are running into an issue on 2.6.1, that would be unexpected. Can I get you to add in a new bug report noting the release and laying out how I can test to replicate?

    Robin Sowell
    30th September, 2013 at 10:09am
  • This is still broken for me as of 2.7 - posting to be notified.

    MH_Jez
    06th January, 2014 at 8:01am
  • MH_Jez- can I get you to post a new bug report and walk me through how to replicate the problem. The code for this has been completely rewritten and the problem you’re experiencing has got to have a different cause. I think it will be confusing to include it at the end of a really long discussion.

    If you can just start a new thread- let me know whether the problem is backend/frontend or both, what your session settings are for backend and frontend (Admin- Security and Privacy- Security and Session Preferences), and then lay out what’s happening in some detail. ‘You log in on Monday, edit an entry, close the tab for the night, open the control panel back up the next day and you have to submit login info’- something along those lines. And note- currently if you leave the control panel open in the browser, you will be logged out after being idle for an hour, regardless of your ‘remember me’ settings. So it’s possible that’s what’s going on.

    In any case, starting up a new report will likely help get a speedy resolution.

    Robin Sowell
    06th January, 2014 at 3:01pm
  • Sorry Robin - it looks like it is indeed the ‘logged-out after 1 hour’ Bug that’s affecting me here.

    MH_Jez
    07th January, 2014 at 4:01am
  • Ah- log out on idle. That’s technically not a bug- it’s intended. But it’s confusing enough folks I’d already brought it up with the development team and they’re considering our options.

    Robin Sowell
    07th January, 2014 at 12:01pm
