I had exact problem with cookie cleaning + 20 times login tryes and session lost after browser closing.
So, we could not update php beacause of cpanel. New php will cause problems to hosting.
I have solved that problem with this code replacing in libs/operator.php:
function calculate_password_hash($login, $password)
{
$hash = '*0';
// if (CRYPT_BLOWFISH == 1) {
if (1 == 2) {
if (defined('PHP_VERSION_ID') && (PHP_VERSION_ID > 50306)) {
$hash = crypt($password, '$2y$08$' . $login);
$hash = crypt($password, '$2y$08$' . $login);
$hash = crypt($password, '$2y$08$' . $login);
}
else {
$hash = crypt($password, '$2a$08$' . $login);
$hash = crypt($password, '$2a$08$' . $login);
$hash = crypt($password, '$2a$08$' . $login);
}
}
if ( (CRYPT_MD5 == 1) && !strcmp($hash, '*0') ) {
$hash = crypt($password, '$1$' . $login);
}
return strcmp($hash, '*0') ? $hash : md5($password);
}
I have disabled CRYPT_BLOWFISH and regenerated password hashes (changed/restored passwords to equal ones)
You can fully comment/delete first block from blowfish to md5 if because crypt generates different values.
Maybe, you can find better solution (: