Pull Request for .
Apply translation to PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED string.
Try to log in twice with the exact same cookie using the cookie authentication plugin, triggering a failed login (safety protection).
Joomla's log logs PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED
Joomla's log logs Cookie login failed for user <user>
Please select:
Documentation link for docs.joomla.org:
No documentation changes for docs.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
| Category | ⇒ | Front End Plugins |
@NicolasDerumigny - how exactly do I do this:
"Try to log in twice with the exact same cookie using the cookie authentication plugin, triggering a failed login" ?
I'll gladly test the PR, I just don't know how to do that?
@NicolasDerumigny Could you define the testing instructions in more detail or provide a screenshot or video? That would be great. Thank you.
Sure!

```javascript
// 21 concurrent POSTs, all sent by the same browser with the same cookies
Promise.all(
  Array.from({ length: 21 }, () =>
    fetch("/component/ajax/?format=json", { method: 'POST' })
  )
)
```

This pings Joomla ~20 times, triggering a race issue which should trigger the message.
Hello @NicolasDerumigny thank you for your PR and your testing description, now it's clear and I can reproduce the issue.
I think you found here two issues:
For the first issue I think your fix can be made easier, because plugins have a $this->loadLanguage() method, which loads the language file for the plugin. So no need to change the code, just add this call a line above. Then probably you could also fix the language string itself? Thank you!
Sure!
- Log in on the website while checking "remember me"
- In Firefox, open developer console -> Storage -> Cookies, right-click and "Delete All Session Cookies"
- In the JS console, execute:

```javascript
// 21 concurrent POSTs, all sent by the same browser with the same cookies
Promise.all(
  Array.from({ length: 21 }, () =>
    fetch("/component/ajax/?format=json", { method: 'POST' })
  )
)
```

This pings Joomla ~20 times, triggering a race issue which should trigger the message.
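Why replaying one remember-me cookie ends in a logged failure, shown as an added example that is not part of the thread and not Joomla's plugin code. It assumes the "safety protection" is single-use token rotation: the first request to be processed rotates the token, so every later request carrying the old cookie is treated as reuse. `RememberMeStore`, `replaySameCookie` and the user `alice` are hypothetical names; the log text reuses the expected string from the PR description.

```javascript
const crypto = require('node:crypto');

// Constructed in-memory stand-in for a server-side remember-me table.
class RememberMeStore {
  constructor() {
    this.rows = new Map(); // series -> { user, tokenHash }
    this.log = [];         // stand-in for the application log
  }
  static hash(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }
  // Called at password login with "remember me" checked.
  issue(user) {
    const series = crypto.randomBytes(8).toString('hex');
    const token = crypto.randomBytes(16).toString('hex');
    this.rows.set(series, { user, tokenHash: RememberMeStore.hash(token) });
    return { series, token };
  }
  // A token is valid once: success rotates it, reuse revokes the series.
  login(cookie) {
    const row = this.rows.get(cookie.series);
    if (!row) return { ok: false, reason: 'unknown-series' };
    const presented = Buffer.from(RememberMeStore.hash(cookie.token));
    const stored = Buffer.from(row.tokenHash);
    if (!crypto.timingSafeEqual(presented, stored)) {
      // Known series, stale token: copied cookie or parallel requests.
      this.rows.delete(cookie.series);
      this.log.push(`Cookie login failed for user ${row.user}`);
      return { ok: false, reason: 'token-reuse' };
    }
    const next = crypto.randomBytes(16).toString('hex');
    row.tokenHash = RememberMeStore.hash(next);
    return { ok: true, cookie: { series: cookie.series, token: next } };
  }
}

// Presents the same cookie n times, in the order a server would happen
// to process n parallel requests from one browser.
function replaySameCookie(n) {
  const store = new RememberMeStore();
  const cookie = store.issue('alice');
  const results = Array.from({ length: n }, () => store.login(cookie));
  return { results, log: store.log };
}
```

In this model the failure is logged once per replayed cookie, because the revoked series makes every request after the second one fail as unknown.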
Hi @NicolasDerumigny, I have done this in 2 different browsers, and I can't seem to find in any logs:
Joomla's log logs PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED
/error_log or /administrator/error_log or /administrator/logs/error.php
(I even turned on Log Deprecated API and Log Almost Everything thinking I needed to do that, and nothing...)
;(
| Labels | Added: PR-6.1-dev |
That's strange, especially given the fact that @bembelimen seems to have reproduced it. Are you sure you deleted the session-local cookies before each try? Otherwise the browser will authenticate using session cookies and not the remember-me ones, which will not trigger the bug.
@bembelimen: I will update the string as soon as I can.
I have tried several times, but I cannot find the error in the Joomla log.
Perhaps I did not understand the procedure described.