Tested on ezp4.4.0 servicepacks er applied with dp's 18501 patch applied Known factors regarding how session cookies are set RememberMeTimeout ini setting RequireUserLogin=true ini setting Run 2 ===== enabling "Remember me" by putting this in settings/override/site.ini.append.php: [Session] RememberMeTimeout=3600 on siteaccess with "RequireUserLogin=true" ( typically admin siteaccess ) ------------------------------------------------------------------------- scenario 1 : Clear cookies in browser load /user/login (cookie might be set by view) then login *without* "remember me" scenario 2 : Clear cookies in browser do *not* load /user/login ( so no cookie set ) then login *without* "remember me" scenario 3 : Clear cookies in browser load /user/login (cookie might be set by view) then login *with* "remember me" scenario 4 : Clear cookies in browser do *not* load /user/login ( so no cookie set ) then login *with* "remember me" on siteaccess with "RequireUserLogin=false" ( typically front end siteaccess ) ------------------------------------------------------------------------------ scenario 5 : Clear cookies in browser load /user/login (cookie might be set by view) then login *without* "remember me" scenario 6 : Clear cookies in browser do *not* load /user/login ( so no cookie set ) then login *without* "remember me" scenario 7 : Clear cookies in browser load /user/login (cookie might be set by view) then login *with* "remember me" scenario 8 : Clear cookies in browser do *not* load /user/login ( so no cookie set ) then login *with* "remember me" Results: -------- scenario 1 : on /user/login: Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=e6p6sl5b0ib04ipk1ohhfugg55; path=/ on "Log in": Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=64ttpjv3cve2sbeman9088re07; path=/ Comment : just accessing /user/login creates session cookie for some reason? scenario 2 : *ERROR* Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=t545v3a5sca5bs4kjbutja8mn5; path=/ eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=sgncqosrf7aovpl7uav3l76rh4; path=/ scenario 3 : on /user/login: Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=7slqh4hu2imvs4ehi1hm5j2nu6; path=/ on "Log in": Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=n4mkn0ancla5sa757kh43tssf2; expires=Wed, 27-Jul-2011 10:07:28 GMT; path=/ Comment : just accessing /user/login creates session cookie for some reason? Without the DP patch, you also get a duplicate session cookie upon "Log in" in this scenario scenario 4 : *ERROR* Set-Cookie eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=4149irhmjhfousqsuin4j17q16; path=/ eZSESSID43ddfa75b9a5eb0a99386f91f15a8057=b0li96j68rsrjscg3ecdnl96i1; expires=Wed, 27-Jul-2011 10:08:16 GMT; path=/ scenario 5 : on /user/login: on "Log in": Set-Cookie eZSESSID=tlt7bee42eufvealb517dn6qc2; path=/ scenario 6 : Set-Cookie eZSESSID=10oddv28klc2rg1mdbgvpk25a3; path=/ scenario 7 : on /user/login: on "Log in": Set-Cookie eZSESSID=a80r8i87slt64dt74m70kpo9a1; expires=Wed, 27-Jul-2011 10:13:12 GMT; path=/ Comment : Without the DP patch, you also get a duplicate session cookie upon "Log in" in this scenario scenario 8 : Set-Cookie eZSESSID=lpfgomktma9607aujej8n8uv76; expires=Wed, 27-Jul-2011 10:14:03 GMT; path=/