Core

Hi Jan,

what did you configure to enable permalogin?
What is set in the Install Tool for FE-cookies?

hi Markus,

I got:
'FE' => array(
'activateContentAdapter' => '0',
'checkFeUserPid' => '1',
'compressionLevel' => '5',
'cookieDomain' => '',
'cookieName' => 'mydomain_typo_user',
'disableNoCacheParameter' => '0',
'lifetime' => '60480000',
'lockIP' => '0',
'loginSecurityLevel' => 'normal',
'pageNotFoundOnCHashError' => '0',
'permalogin' => '1',
),

and
'SYS' => array ('cookieDomain' => '.mydomain.de',)

I also encounter the same issue.

I saw the TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie() method is explicitly called from TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::createUserSession(). I understand this is done because of the definition of dontSetCookie to TRUE in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication::__construct(). This way the session cookie is always set, because the setSessionCookie method always determine that the cookie is for the session in this case, as the user is not yet defined.

On workaround would be to call setSessionCookie another time in FrontendUserAuthentication::createUserSession if permanent login is requested. This way, the not session cookie will also be defined.

It may be a better approach to set only one cookie. For this, in FrontendUserAuthentication::createUserSession, to instruction order must be reversed. AS there is a return value in the call to AbstractUserAuthentication::createUserSession, it must be saved and returned after.

I am doing some more tests.

As a workaround, I have changed the method FrontendUserAuthentication::createUserSession to

1       $this->setSessionCookie();
2        $data = parent::createUserSession($tempuser);
3        if ($data['ses_permanent']) $this->dontSetCookie = FALSE;
4        return $data;

I had the same problem with the permalogin. The solution mentioned above by Pierrick worked fine for me and I pushed it to Gerrit.

https://review.typo3.org/#/c/31607/

The status of the ticket did not change. Is this correct?

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/31754

I think its still buggy.
I got here a fresh install of 6.2.7 and want to to a login in the context of my extension.
So i call:

$GLOBALS['TSFE']->fe_user->createUserSession

But this doesnt create a cookie because in line 125 of FrontendUserAuthentication.php

$this->dontSetCookie = TRUE;

Line 266 in FrontendUserAuthentication.php in does not seems to be effective... Something might be broken since the last patch...

$this->dontSetCookie = FALSE;

Workaround
Clearly it helps to remove line 125, But i realy dont know what i do there :)

@Andre: First, 6.2.7 is fairly old already again. ~80 new bugfixes are in 6.2.9 now.

Your problem is not a bug in the core, but you're using (as many others as well) internal core API.
All you need to do after your call to $GLOBALS['TSFE']->fe_user->createUserSession is to set some dummy data to the user session.

See also my fix for onetimeaccount:
https://git.typo3.org/TYPO3CMS/Extensions/onetimeaccount.git/blobdiff/b9bca530b155bb10d68ce3bef614db7d158b1bc3..d9dd642338ea8cc00de0cc422d2cd6bc0d219cad:/pi1/class.tx_onetimeaccount_pi1.php

Thank you for your help.

Your workaround looks much better but its still a workaround.

There have to be something wrong in the FrontendUserAuthentication.php

There is nothing wrong. The behaviour is totally fine.
Calling createUserSession() does not mean that a cookie needs to be placed in all cases. e.g. when there's no data in the session.
The core is now really working well and avoids FE cookies whenever possible.

sorry, wrong bug
( https://forge.typo3.org/issues/62194 )