After a lot of digging...
emanuele smells a bug
In Register_Controller::action_register2 the login cookie is set using the member name (strtolower), the plain text password and the salt.
In any other place the login cookie is set and checked using the hashed password and the salt.
So, checks fail and user is kicked.
The bug could be a consequence of 1.0.7 patch, and requires a couple of changes.
In Register.controller.php:
setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util:
:strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password
_salt']));
becomes:
setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', $regOptions['password_hash'] . $regOptions['register_vars']['password_salt']));
and in Members.subs.php:
$password = $regOptions['password'];
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array(
'member_name' => $regOptions['username'],
'email_address' => $regOptions['email'],
'passwd' => validateLoginPassword($password, '', $regOptions['username'], true),
becomes:
$password = $regOptions['password'];
$regOptions['password_hash'] = validateLoginPassword($regOptions['password_hash'], '', $regOptions['username'], true);
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array(
'member_name' => $regOptions['username'],
'email_address' => $regOptions['email'],
'passwd' => $regOptions['password_hash'],
TBH I have not tested these very deeply, so it may break something, but the "immediate registration" makes the user immediately logged in.