initialize session false + login plugin -> RuntimeException (403) #266

Open
Japhys opened this issue Oct 11, 2020 · 5 comments

@Japhys

Japhys commented Oct 11, 2020

I only want a session cookie whenever a guest is logging in, and no cookies for anonymous guests.
So I disabled initialize session.
I was under the impression login would initialize a session anyway.
But something went wrong.
See attached.
Happens both in 1.6 and 1.7.
Clean browser, no cache.
Am I wrong? Is this not going to work with login plugin?

[Image: OnPaste 20201011-215513]

@rhukster
Member

Login does require the session to be enabled at all times. The disabled session option is really only intended for use cases where there is no login at all.

@Japhys
Author

Japhys commented Oct 11, 2020

Thanks for clearing that up, and so fast :)

I was experimenting with Varnish, and it would make it a lot easier to cache for anonymous users, hence the question.

@mahagr
Member

mahagr commented Oct 21, 2020

The above code fails on rememberme, which requires the session to be stored. If you disable it, you may get a step forward.

@Japhys
Author

Japhys commented Oct 23, 2020

That was my initial thought as well, however it didn't solve the problem. Plugin still didn't work when initialize session was disabled.

@mahagr
Member

mahagr commented Dec 2, 2020

I just tested this out. Remember me does seem to think that you stole the cookie.

The main issue here is that there is no way to figure out if the user has been logged in if you don't open the session. So the only way to fix this is to destroy the session if the user hasn't been logged in, though I don't know if it will still send the cookie.
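
The approach from the last comment, as an added example that is not code from Grav or the login plugin: open the session only when the request carries a session cookie, and destroy it and expire the cookie when it holds no login, so anonymous responses stay cookie-free for a cache such as Varnish. It uses plain PHP session functions; the function name and the `$_SESSION['user']` key are assumptions, and remember-me cookies are not handled.

```php
<?php
// Added example: plain PHP sessions, not Grav's or the login plugin's API.
// Assumption: a logged-in user is marked by $_SESSION['user'] (hypothetical key).

/**
 * Returns true when the visitor has a session that holds a login.
 * Anonymous visitors end up with no session and no session cookie.
 */
function openSessionForLoggedInOnly(): bool
{
    $name = session_name();

    // Without a session cookie in the request there is no session to look at.
    // Calling session_start() here would create a new ID and queue a
    // Set-Cookie header for an anonymous visitor, so it is skipped.
    if (!isset($_COOKIE[$name])) {
        return false;
    }

    // A cookie is present: the session has to be opened to learn
    // whether it belongs to a logged-in user.
    session_start();
    if (!empty($_SESSION['user'])) {
        return true; // logged in: keep the session and its cookie
    }

    // The session holds no login: drop the server-side data.
    $_SESSION = [];
    session_destroy();

    // session_destroy() does not touch the browser's cookie, so expire it
    // with the same path/domain/flags the session cookie was set with.
    $p = session_get_cookie_params();
    setcookie($name, '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);

    return false;
}

if (openSessionForLoggedInOnly()) {
    header('Cache-Control: private, no-store'); // per-user response
} else {
    header('Cache-Control: public, max-age=60'); // cacheable, no session cookie
}
```

The login request itself still has to call `session_start()` so that the first session cookie is issued at the moment of login.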

3 participants