FormIt plugin with `anonymous_sessions` inactive, causes manager login to fail

[blibio]

Bug report

Summary

With anonymous_sessions deactivated, and having FormIt installed, the manager login is no longer possible.

Steps to reproduce

Deactivate anonymous_sessions, clear cache, logout of manager.

Observed behavior

Login is no longer possible.

Expected behavior

Login is should be possible.

Versions

FormIt 4.2.5-pl MODX 2.7.3-pl

---

After some debugging, I found that the call to $this->modx->hasPermission in the FormIt constructor (\Sterc\FormIt::__construct), ultimately causes \modX::$_sessionState to end up as modX::SESSION_STATE_EXTERNAL. Which in turn causes \modX::startSession to never call session_start().

The following error is logged:

(ERROR @ ****/core/model/modx/moduser.class.php : 367) PHP warning: session_regenerate_id(): Cannot regenerate session id - session is not active

The problem is solved if I:

• deactivate the Plugin in the manager (not the whole extra, just the plugin)
• or comment out the above mentioned call to $this->modx->hasPermission.

[martinf55]

Another solution: anonymous_sessions=0 should be set in the Context Settings for 'web' rather than in system settings. So it applies only for the front-end, while allowing the 'mgr' context login page to start the session and set the cookie required for login, regardless of which plugin events are firing.