Merge pull request #282 from silinternational/fix-call-to-updateUserL…

…astLogin

Release 10.1.1 fix updateUserLastLogin is called regardless of validity of rememberMeToken

modules/mfa/src/Auth/Process/Mfa.php

@@ -700,9 +700,11 @@ public static function isRememberMeCookieValid(
             if ((int)$expireDate > time()) {
                 $expectedString = self::generateRememberMeCookieString($rememberSecret, $state['employeeId'], $expireDate, $mfaOptions);
                 $isValid = password_verify($expectedString, $cookieHash);
-
-                $idBrokerClient = self::getIdBrokerClient($state['idBrokerConfig']);
-                $idBrokerClient->updateUserLastLogin($state['employeeId']);
+
+                if ($isValid) {
+                    $idBrokerClient = self::getIdBrokerClient($state['idBrokerConfig']);
+                    $idBrokerClient->updateUserLastLogin($state['employeeId']);
+                }
 
                 return $isValid;
             }