
This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Solved Why does the "remember me" box not work as expected on my website?

12 years 1 month ago - 12 years 1 month ago #153215 by jimrowland

sozzled wrote: I have no explanation for this.

I believe the explanation is "permanent cookies", not "sessions" or "session cookies".

Without divulging sensitive information about this website, the Joomla session length is longer than 30 minutes and less than 24 hours.

Sure, and I don't want that info... nor do I think the session is relevant.

Likewise, it is strange that the other Joomla sites you mentioned also seem to have your sessions kept alive long after they should have terminated.

I do not think that the "session is kept alive"... I think that a permanent cookie on my hard drive is created that allows me to do this. Again, this is my "expected result" on hundreds of web sites... and it works on all of those websites, except mine.

In order to "prove to myself" that I was, indeed, "logged out" of the Kunena.org site, and that the session had expired, I used my wife's iPhone to browse to this site. A completely new device that had never been on this site. I navigated to this thread (without logging in) and saw the "Offline" tag over there in my profile box. --->

This conclusively proves that my session cookie had expired, and I was indeed "logged out". At that point, I went back over to my laptop and refreshed the kunena.org page I was on, and I was "logged in" to a brand new sessionID, without the intermediate step of having to use the username/password box. Went back to my wife's phone, and refreshed the page... sure enough, the button said "Now Online". (I'm still in a "guest" status on the phone)

In order for a user to remain logged-in to a Joomla site, one of two things must occur:

(a) the user's web-agent (i.e. browser) must refresh a page on that site before Joomla session length expiry has been reached; or

(b) the Joomla server handler on the server must be broken and the server may need to be restarted.

The word "remain" is deceptive. I do not think I am "remaining" logged in. I think that I have a permanent cookie on my hard drive that "lets me back in".

What I don't know is how to set this up on my server. Just as a test, I tried to type in a dot and a slash into the cookies boxes on my Joomla Global Config page.
Domain = .
Path = /

This had a negative result in that users were no longer able to log in at all. They went to the page, typed in username and password, and when they clicked "enter", the page simply refreshed and they were still at the login dialog box.

I have an odd set up (described in the OP), with my server running two different webservers, and redirecting port:82 requests to the Apache server / Joomla site. I don't know if my issues are because of this, or if there is a different way to set up cookies in this scenario.
Last edit: 12 years 1 month ago by jimrowland.

12 years 1 month ago #153216 by sozzled
If you would like to discuss this further with me (offline from the forum) and you have the time, contact me by email and we will arrange to chat via Skype.

12 years 1 month ago #153315 by jimrowland
Per the discussion in the other thread, I did send an email to the address listed on the team page... this is a copy from the email headers... perhaps it went to the junk bin? My Skype address is the one listed in the from address here, not my address I registered with on the Kunena site. I'll be available most of the day if you would like to contact me, starting about 1 hour from now for a 6 hour window.

This message contains confidential information

12 years 1 month ago #153357 by jimrowland
I'd like to report my findings and wrap up this topic. Since it's not in the support request category, it doesn't really need to be marked as "resolved", but since others might see this when searching for similar problems, I will post what I know.

The entire original post could probably have been asked better: "Why does the "remember me" box not work as expected?" That probably would have been a simpler question that was less vague and more to the point, and therefore less confusing. :^)

The expected result, when checking this box upon logon, is that the next time you visit the website, you will not have to walk through the logon process. I was not getting this result. But I've since discovered why.

What SHOULD happen, when checking this box, is that a persistent cookie should be written to your computer's hard drive, in whatever location your particular browser is set to store such cookies, assuming that you've not configured your browser to not accept cookies. From that point, if you ever re-visit the website after your session has expired, then your browser will pass your user authentication to the server in the background, using the information in that cookie. Assuming that you're within the required window (60 days by default) and that your user information has not been changed on the server (i.e. you changed your password using another browser, or the admins locked your account, etc.), the user experience should be that no logon process occurred using the logon form. The user is just "automagically" logged on.

Anyone with a Joomla + Kunena website will know that there are at least two logon modules - the Joomla logon module, and the Kunena logon module. I haven't read through the scripting code to know exactly how each one works, or from exactly which part of the resulting HTML was generating the cookie, but here is what I eventually discovered:

1. If I log on through the Joomla login module, I would get the proper cookie. I could return to the site, at any page, at any time (within 60 days), and resume what I was doing without having to log on again.

2. If I log on through the Kunena login module, I would still get a proper cookie, but the cookie path was set to the Kunena component (with a path of /forum in my case). What this means is that if I return to the website at any time (within 60 days) and access a page within the forums, then I would still be "logged in" (i.e. my cookie would re-authenticate me without direct action on my part).
..... HOWEVER .....
Since the path inside my cookie was written as /forum, because I originally logged in using the Kunena login module, if I went back to the website by visiting any page NOT within this path (such as the home page), then the cookie would NOT re-authenticate me because I was not accessing a page within the path authorized to the cookie. Therefore, I would see a "welcome guest" text, and a logon dialog box.

In both of the above scenarios, the "Cookie Settings" in my Joomla global configuration settings was blank. Normally, this is ok. But in this case, (I hypothesize that) the blank setting allowed the Kunena logon module to write the cookie from the Kunena point of view, which is /forum. By changing the Joomla setting and inserting a "/" into the "Path" box, this forced the Kunena logon module to pass a "root path" ("/") inside the cookie, if the user was logging in through the Kunena module.

============
The end result is that putting a / in the "cookie path" global settings box solved my problem, and now all cookies written from any login module will allow the cookie to re-authenticate the user when the user re-visits the website by landing on any page.
The following user(s) said Thank You: KaiD, psaijai
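
The path scoping described in the post above, as an added example that is not part of the original thread: a small model of the browser's RFC 6265 cookie path rules, showing why a remember-me cookie scoped to /forum is not sent with a request for the home page. The cookie name, token and /forum/login URL are constructed placeholders, and the header without a Path attribute is an assumed case, not something the thread confirms Joomla or Kunena sends.

```javascript
// RFC 6265 section 5.1.4: the path a browser assigns when Set-Cookie has no Path.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4 path-match: a prefix match that must end on a "/" boundary,
// so "/forum" covers "/forum/topic" but not "/forumadmin".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Store one Set-Cookie header received in the response to a request for setOnPath.
function storeCookie(setCookieHeader, setOnPath, nowMs) {
  const [pair, ...attrs] = setCookieHeader.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), path: null, expiresMs: null };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).toLowerCase();
    const value = i < 0 ? "" : attr.slice(i + 1);
    if (key === "path" && value.startsWith("/")) cookie.path = value;
    if (key === "max-age" && /^-?\d+$/.test(value)) {
      cookie.expiresMs = nowMs + Number(value) * 1000;
    }
  }
  if (cookie.path === null) cookie.path = defaultPath(setOnPath);
  return cookie;
}

// On a return visit after the browser was closed, only a persistent, unexpired
// cookie whose Path covers the landing page is attached to the request.
function isSentOnReturnVisit(cookie, requestPath, nowMs) {
  const alive = cookie.expiresMs !== null && cookie.expiresMs > nowMs;
  return alive && pathMatches(requestPath, cookie.path);
}

const DAY = 86400 * 1000;
const SIXTY_DAYS = "Max-Age=5184000"; // 60 days in seconds, the window named in the post
// Constructed headers: same token, three different path scopes.
const viaForum = storeCookie(`remember=TOKEN; Path=/forum; ${SIXTY_DAYS}; HttpOnly`, "/forum/login", 0);
const viaRoot = storeCookie(`remember=TOKEN; Path=/; ${SIXTY_DAYS}; HttpOnly`, "/forum/login", 0);
const noPath = storeCookie(`remember=TOKEN; ${SIXTY_DAYS}; HttpOnly`, "/forum/login", 0);

for (const landing of ["/", "/forum/topic/1"]) {
  console.log(landing, "forum-scoped:", isSentOnReturnVisit(viaForum, landing, 10 * DAY),
    "root-scoped:", isSentOnReturnVisit(viaRoot, landing, 10 * DAY));
}
```

Widening the path to / means the long-lived token accompanies every request to the host, so attributes such as HttpOnly and Secure matter on it. Path itself does not isolate one application from another on the same origin.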

12 years 1 month ago #153375 by sozzled

jimrowland wrote: ... putting a / in the "cookie path" global settings box solved my problem, and now all cookies written from any login module will allow the cookie to re-authenticate the user when the user re-visits the website by landing on any page.

I'm glad you figured it out. :)

I have renamed this topic and I think we can mark it as resolved. B)

10 years 2 months ago #171901 by KaiD
I have been searching for months for this!
Brilliant, thanks!
