Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
TokenHandler currently listens to the Kernel Request event directly, and weights itself to execute in relation to AuthenticationManager.
The AuthenticationManager iterates through the available providers and returns the first that applies to the current request. PL needs to be weighted before Cookie so that it can act when a cookie is provided for an expired session, but defer to Cookie for valid sessions.
Steps to reproduce
Proposed resolution
Implement AuthenticationProviderInterface, and update the service definition.
Remaining tasks
User interface changes
API changes
TokenHandlerno longer defers touser_login_finalize().- The user's last login timestamp is not updated when a token is consumed, and
user_loginhooks are not invoked. - A log message is sent to the
userchannel indicating a persistent login token was used.
- The user's last login timestamp is not updated when a token is consumed, and
Data model changes
Issue fork persistent_login-3349762
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #2
gappleWeighting PL to execute after Cookie will reintroduce the issue from #3349484: PL token won't start new session if old session expired from DB, so it needs to come first but have a more extensive
applies()check to defer to Cookie when necessaryComment #4
gappleBumping to 2.x since this will change the behaviour when a token is used.
Comment #5
gappleComment #7
gapple