“Remember Me” functionality broken in 2.2.1 / Bug Report / EllisLab

This bug report is over one year old and may not be relevant.

See Comments (?)

“Remember Me” functionality broken in 2.2.1

Version: EE 2.2.1, Reporter: Bjørn Børresen

Hi guys,

we’re having some issues with the “Remember Me” functionality after 2.2.1. I know this has been reported before (http://ellislab.com/forums/viewthread/195115/) and that a feature request was suggested. I’d like to report this as a bug though.

This is functionality that worked as expected prior to the release of 2.2.1. Checking “Remember Me” would set a cookie in your browser and you wouldn’t have to log in for a certain period of time. You could visit your favorite website at home and at work, and the remember me functionality would work as expected.

After 2.2.1 it does not work as expected. I don’t think anyone expects a remember me feature to invalidate the cookies set in your other browsers when you’re using it in a new browser. That’s what currently happens - use remember me and it will log you out everywhere else.

How to reproduce
1. Log in w/firefox. Log in w/chrome. You’ve got two sessions working fine in each browser.
2. Delete the entries in your exp_sessions table so that it will have to fallback on the cookie.
3. Refresh your browsers and notice that only the last login works (the other cookie has been invalidated)

If you try the above on an EE install prior to 2.2.1 it will work as expected - that is, it will fallback to the cookie in both browser and you’ll still be logged in both places.

To conclude, this functionality has gone from working as expected to producing unexpected behavior. So, I in my opinion this is a bug that should be fixed.

“planespotter” has some good ideas in his FR here: http://ellislab.com/forums/viewthread/195348/

Comments & Feedback

  1. This is also broken in v2.2.2 - Build: date 20110801

  2. Any fix that we can hack in ourselves?

  3. This workaround works: http://ellislab.com/forums/viewthread/195115/#919183

    If you’re familiar with patch files you can run this: http://pastebin.com/sze8jb0L

    Picture of Bjørn Børresen

    Bjørn Børresen

  4. Posting to be notified.

  5. This still isn’t working correctly for 2.3.1. Is this getting fixed? I recently upgraded from 1.6.8 to 2.3.1 and am getting many, many complaints from my users.

  6. Pretty sure this isn’t working as expected for most of our users, based on twitter feedback. Running 2.4. Posting here to be notified.

  7. posting to be notified… Running 2.4.

  8. Any word on this fix?

    Running 2.4.

  9. So, this was reported in 2.2.1 in August 2011, it was assigned, and it was apparently fixed, but the “when” of that isn’t clear here. There is also no “official” hotfix or patch listed here so those of us not scared to fix this stuff manually can benefit and repair our site(s). We have no idea when this fix is going to be available. Can you confirm that Bjorn’s workaround/patch from September 4, 2011 is viable?

  10. This is a major problem. I was able to patch 2.3.1 to get things working but the section was rewritten.

    Why are users assigned different Remember Me id’s across IPs and browsers? It seems to me a single remember me code associated with a single user makes sense as long as the same login and password are used.

    EE Version: 2.4, build 20120123 Is MSM installed? Yes Linux/Windows Host? Linux CP Session Type: Cookies User Session Type: Cookies Allow multiple logins? Yes Require IP for login? yes Cookie Domain: .mysitedomain.com Cookie Path: none Cookie Prefix: Choose: Happens to (all/some) users (consistently/sometimes). Some/sometimes. This is particularly a problem for Blackberry users. Have you experienced the issue yourself? Yes, constantly. Client OS (name and version): various Client Browser (name and version): various

    Again, this is a significant issue for usability. A person should be able to select “keep me logged in” and should be able to be logged in.

  11. mdesign, I can confirm that I still have the problem on your site as well. FYI, the Bjorn patch will not work as EE completely redid the code for 2.4 and made the process even more restrictive than in was in 2.3.1 (and below).

    With the proliferation of mobile devices not being to stay logged in is a real annoyance for users.

  12. Sigh, posting to be notified.

  13. Also posting to be notified, comment from EL on this would be nice too, it’s not a minor bug

    Picture of mojacreative


  14. Definitely frustrating, hopefully the team finally corrects it!

    Picture of encryptdesigns


  15. This Remember Me functionality is still broken in V2.5.

    Pascal, can you please comment on the progress of this bug? It was reported on 08/10/2011 and is a huge pain in the ass!


    Picture of MediaGirl Inc.

    MediaGirl Inc.

  16. Hey everyone,

    First, sorry that we had this marked as “Fixed”, it’s clearly not (although we thought it was at the time). We are also experiencing this very same bug and it annoys us as much as it annoys you. And as much as you don’t want to hear “we’re looking into this”, that’s what we’re doing. We have a plan on how to fix this and we’re planning on testing out the fix soon enough. Once there’s more to report, I will let you know here.


  17. Wes,

    You know I never get logged out of the EE site. Perhaps I have an old cookie or something.

    Thank you for the update.


    Picture of MediaGirl Inc.

    MediaGirl Inc.

  18. Wes,

    Any update on this bug? It’s almost a year old at this point and no update since your post in middle May…

    Thank you in advance, Anna

  19. Hi Anna,

    I’m unable to reproduce using Bjørn’s steps, are you able to reproduce it that way? If not, it’s likely a different issue. Do you happen to have reproducible steps we could follow to help us fix this?

    Thanks! Kevin

  20. I can confirm not being able to reproduce this, must’ve been fixed recently I guess?

    Picture of Bjørn Børresen

    Bjørn Børresen

  21. I’m still logged in to both control panels after using Bjorn’s steps. So different issue.

    I don’t have reproducible steps except this… login then wait until the next day and you will be logged out.

    My current project is on EngineHosting servers with the latest version of EE. Almost every day when I start work I have to log back into the control panel after logging in the previous day and selecting “Remember Me”. I’m working on the server, not locally. I don’t know what’s different about the days when it does stick but that doesn’t happen often. Most days I have to re-log in. My login at Devot-ee and ExpressionEngine sometimes stick, other times they don’t. I just checked both sites and I’m still logged in. But I bought software on Devot-ee last week and I had to login.

    This bug started last fall when I was working on a project last September… so whatever version was out then was where the issue started for me. Every project I’ve worked on since has had the issue of Remember Me sticking overnight. I’ve never had to login again on the same day. Note, I leave my computer on overnight and rarely close my browser. I will close the project tabs sometimes but not always. In both cases I have to relog in. Happy to screen share with you so you can check things on my end.

    Most of my projects are on EngineHosting or Site5 servers.


  22. I’ve also had a couple recent projects on a MediaTemple VPS that don’t stick.


  23. Also, all my projects are set to Cookies Only for both CP and User sessions.

  24. Thank you, Anna. I’ll test this over the next few days using what you’ve described and see what I can find out.

  25. I’m just starting to dig into this as we only recently upgraded to 2.5.1, but I’m getting reports from my users of the “keep me logged in” option not working. Like Anna, we are set to Cookies Only for both CP and User sessions.

    Picture of Adam Christianson

    Adam Christianson

  26. im running 2.5.3 with MSM and forums and i also get continuously complains that “keep me logged in” nor “remember me” isnt working at all. Users have to log in every single time to my site. Is there some light coming or are we waiting 1+ years still?

  27. Following.

  28. Same problem here, running 2.5.3, getting logged out every day…very annoying!

  29. this is the bug that won’t die. posting to be notified.

  30. Ya I have a client that is very upset over this due to the amount of complaints he’s received from his users. Posting to be notified on this as well. ugh.

  31. Kevin,

    Can we can an update on progress made with this Remember Me bug? We’re going on a year and a half almost with this bug being in existence. If it can’t be fixed by the internal team, may I suggest offering a bounty to the first EE developer who can fix it? 10 free EE license can be the bounty… or cash. It’s time to get it fixed.


  32. Couldn’t agree more. Honestly surprised no is selling a “patch”.

  33. sorry to bump this. I realize it’s only been a year and a half… but is there any progress on this. Surely this won’t be ignored… or will it?

  34. The status of this ticket needs to be updated to something else than “See comments”

    Picture of Bjørn Børresen

    Bjørn Børresen

  35. posting to be notified…. I keep getting a lot of angry emails from my users, but seems that Ellislab doesnt have the time or knowledge to fix own product?

  36. We have at least four sites where this is still an issue. Posting to be notifi…oh wait. I’ve already commented on this one roughly a year ago. le sigh

  37. Can this be fixed please? Lots of customers are complaining about this non-working basic-functionality.

  38. The auto-login feature doesn’t work at all. I tried to follow the default member area’s ‘auto-login’ but it is also not working. I am surprised. This doesn’t work in 2.2.1 and I tested with newer version 2.6.1 It is not working there too. I am going to use $_COOKIES of php to handle this. hope this serve my purpose. :(

  39. Abhilekha, remember me should be fixed as of the 2.6.0 release. If you are running into an issue on 2.6.1, that would be unexpected. Can I get you to add in a new bug report noting the release and laying out how I can test to replicate?

  40. This is still broken for me as of 2.7 - posting to be notified.

  41. MH_Jez- can I get you to post a new bug report and walk me through how to replicate the problem. The code for this has been completely rewritten and the problem you’re experiencing has got to have a different cause. I think it will be confusing to include it at the end of a really long discussion.

    If you can just start a new thread- let me know whether the problem is backend/frontend or both, what your session settings are for backend and frontend (Admin- Security and Privacy- Security and Session Preferences), and then lay out what’s happening in some detail. ‘You log in on Monday, edit an entry, close the tab for the night, open the control panel back up the next day and you have to submit login info’- something along those lines. And note- currently if you leave the control panel open in the browser, you will be logged out after being idle for an hour, regardless of your ‘remember me’ settings. So it’s possible that’s what’s going on.

    In any case, starting up a new report will likely help get a speedy resolution.

  42. Sorry Robin - it looks like it is indeed the ‘logged-out after 1 hour’ Bug that’s affecting me here.

  43. Ah- log out on idle. That’s technically not a bug- it’s intended. But it’s confusing enough folks I’d already brought it up with the development team and they’re considering our options.

You must be logged in to comment on bug reports