[#13009] - Custom login does not send new session information after login, and therefore does not work but returns you to the login screen.
- Closed
- 24 Nov 2016
- Low
- Build: 3.6.4
- # 13009
Steps to reproduce the issue
Log in using a custom login program to the back end. The log in succeeds, but Joomla returns to the login screen
Expected result
Successful login
Actual result
Login fails - you get the login screen again.
Logging in via Joomla is not an issue.
System information (as much as possible)
Joomla 3.6.4 under IIS Windows 10, PHP 7.
Additional comments
I spent a very long time investigating this, and concluded that the Joomla user plugin (/plugins/user/joomla/joomla.php) creates a new session as part of the login process. When you log in via the standard Joomla process, that session gets sent to the program when login is complete. Logging in via the custom routine sends the old, obsolete session, so the login
fails. Removing the $session->fork() statement and the ones deleting the old session from the database resolved the problem. See Google Groups posting for more information.
It would be good to know how the session is preserved so one could fix the problem. The workaround is clearly not fit for a site that is exposed to the Internet.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-11-24 19:20:16 |
| Closed_By | ⇒ | brianteeman |
I am closing this here. The correct place for discussing custom development is the Google group where you already have a post.