[#47985] - [5.4] Cookie authentication: load language file so log message is translated
- Fixed in Code Base
- 19 Jun 2026
- Medium
- Build: 5.4-dev
- # 47985
- Diff
- tecpromotion:5.4/fix/fix-loadlanguage-authentication-cookie-plg
User tests: Successful: Unsuccessful:
Pull Request resolves # .
- I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.
Summary of Changes
The "Authentication - Cookie" plugin logs a security message when a remember-me login fails because the stored token does not match (possible stolen/guessed cookie). The message uses the language string PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED, but onUserAuthenticate()
never loads the plugin's language file, so the raw language key is written to the log instead of the translated text.
This PR adds $this->loadLanguage(); in onUserAuthenticate(), consistent with onPrivacyCollectAdminCapabilities() in the same plugin, which already loads the language before using Text. The string is now translated before it is passed to Log::add().
Testing Instructions
- Make sure the "Authentication - Cookie" plugin is enabled and that error logging is on (
everything.php/ categorysecurity). - On the frontend, log in with the "Remember Me" box checked. This creates a row in
#__user_keysand ajoomla_remember_me_*cookie. - Simulate a token mismatch: in the browser dev tools edit that cookie and change the part before the dot (the token), leaving the part after the dot (the series) unchanged. (Alternatively, change the
tokenvalue of the matching row in#__user_keysto a wrong hash.) - Reload a frontend page so the cookie authentication runs.
- Open the log file (
administrator/logs/everything.php) and look at thesecurityentry.
Actual result BEFORE applying this Pull Request
The log contains the untranslated language key:
PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILED
Expected result AFTER applying this Pull Request
The log contains the translated message, e.g.:
Cookie login failed for user 0.
Yes, for user 0. This is another bug and will be fixed later!
Link to documentations
Please select:
-
Documentation link for guide.joomla.org:
-
No documentation changes for guide.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Front End Plugins |
I have tested this item ✅ successfully on 98e973d
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
I have tested this item ✅ successfully on 98e973d
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
I have tested this item ✅ successfully on 98e973d
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
I have tested this item ✅ successfully on 98e973d
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
| Status | Pending | ⇒ | Ready to Commit |
| Labels |
Added:
bug
PR-5.4-dev
|
||
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47985.
| Labels |
Added:
RTC
|
||
✅ Final test before merge
- Seen
PLG_AUTHENTICATION_COOKIE_ERROR_LOG_LOGIN_FAILEDbefore - Applied PR with Patch Tester, seen
Cookie login failed for user 0.
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2026-06-19 15:47:55 |
| Closed_By | ⇒ | muhme |
Thank you very much @tecpromotion for your contribution. Thanks to @brianteeman and @CSGoat0 for testing.
Tried both - when refreshing the front end i am still logged in and nothing new in the logs