I had some very simple code on a website to handle logins on the root of the site using ion_auth:
if(!$this->ion_auth->logged_in())
{
redirect("/login");
}
That page posts to /auth/login, which is handled by ion_auth. If the login is successful, the user is redirected to the root of the site. Otherwise, they go back to /login to try again. I initially thought I'd forgotten the password, but with a series of var_dump() calls, I found that the login is successful, but the call to $this->ion_auth->logged_in() returns false anyway.
All of this is after the host upgraded to PHP 7 - the code worked before. I've tried upgrading ion_auth, but it didn't help.
There were session related problems in early CI 3.x version, documented here and here
several session related issues were resolved in the latest versions, see the change logs
solution: update to CI 3.1.7. (latest version as writing)
Upgrading From a Previous Version
Related
Hey guys I'm working on a Codeigniter 3.1.11 project which is integrated with Sentinel 2.0.8 and I'm facing an issue which I couldn't figure out!
Whenever I redirect to an external page (A payment gateway) on the callback randomly I lost the session. I was debugging and I realized that a new session has been created on the server while the previous one already exists and I mentioned the new one is set on my PHPSESSID cookie. If I go and change the set the value of PHPSESSID cookie with the previous one it shows login again.
My question is why it creates a new session while the previous one exists and why it doesn't reload the previous session. This is the part of the code which gets called when it comeback from payment gateway:
empty(session_id()) ? session_start() : '';
I'm running on a LEMP Lando environment.
Ok, I found the issue, this is actually happening only in Google Chrome due to the version 80+ update. Google updated the settings for SameSite cookie that cause this problem in the callback from the 3rd part (Cross-Domain) in my case, a payment gateway.
To be able to fix, this there are solutions available base on the version of PHP and your webserver.
Here is an example for PHP:
https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md
Hope this helps! because it caused me to lose 3 days of my time!
First - coming back to this project - never saw this issue before so asking if anybody else has - when I set the project down it was working perfectly. Additionally - several other projects on the same server using the same setup are working flawlessly.
So problem is this.
I login, the login is valid (I'm using DirectoryTree/Laravel to authenticate against LDAP, and have logs showing authentication was successful. All other projects are also using DirectoryTree/Laravel - and since the login is processing I cant see this being the root cause).
I'm immediately redirected back to the / (correct behavior) - but the login form returns instead of loading the vue components when auth:check = true.
I can hard refresh the page - and suddenly I'm logged in. (Must clear cache hard refresh at the browser) same action whether on Firefox, Chrome, Edge. The log in is processed - but its like the session isnt being updated.
I'm using the normal login form with the ui:auth setup.
Anybody ever seen this?
Turns out the issue was a web service worker I had forgotten I had on the HTTPS site. Best guess is its not recognizing that the site is online and is reloading information from the cache as it is a PWA application meant to be used on the internal network of the company. Once I removed the service worker - all was good. Never saw this action from it before so will investigate that further, but I have at least found the main error.
Closing this question and shout out to #Wesley Smith for getting my brain working.
My Stack:
Laravel Version: 5.3.9
PHP Version: 7.0.8
Database Driver & Version: MySQL Ver 14.14 Distrib 5.7.15
Redis
I am using the Laravel auth:make scaffolding and when I login I am redirected to the correct page, but when I try to navigate to another page, I am redirected to login. I take a look at the debugbar and for the web routes auth, it says that I am logged in as a guest.
I created a route at /test-login that has this code:
Auth::attempt(['email' => 'email#email.com', 'password' => 'password']);
and I am logged in until I go to another page. For some reason, the session doesn't seem to be persisting for authentication. However, it appears that tokens are persisting in the session.
I tried installing a fresh copy of Laravel and moving all of the files that I edited over to that install and it still doesn't work, so it must be something in one of my files, I just can'y figure out what. I also uninstalled predis/predis because that was around the time I noticed some issues - no luck. For the session, I now have it using file instead of Redis. Any ideas?
Steps To Reproduce:
Login from the /login path
I am redirected to the correct page upon successful login
I try and navigate to another page
I am redirected back to login
I finally found it... Dumb mistake on my part. For the logout link in my nav partial, I had
{{ Auth::logout() }}
Which logged me out since every page included the nav partial. Well... it happened and I spent too much time looking for it too.
I moved my WordPress install from a development server to a freshly installed CentOS Apache 2.2 PHP 5.3 server. Initially, everything was working well. Logging in wasn't a problem, but then I noticed after logging in as a WordPress user and loading a new page I would be logged out.
What PHP settings do I need to have enabled, or are there any other considerations, when using a fresh server for WordPress that would make users not able to stay logged in (almost like the session isn't saving them)?
edit
It seems like the server isn't logging people in, but is reading the $_POST variable, so why would WordPress not save logging in?
The answer was looking at output_buffer. When this was off, the wp functions couldn't save to the session because something was already writing to the header.
Using symfony framework 1.4 I have created a website. I'm using sfguard for authentication.
Now, this is working great on WAMP (windows). I can login to several accounts on different browsers and use the website.
I have ubuntu server 9.10 running apache (everything up to date and default configuration). On my server, when I login to the website in one browser it works great. When I on my other computer login with another user account on the public website, the login is successful. But when I refresh/go to another page the first user is shown as logged in instead!
Also, when I press logout, It's not showing that I'm logged out after page load. When I press f5 again I'm logged out.
As mentioned, all this works as expected on my local installation. I'm thinking there something wrong with my PHP session configuration on my ubuntu server, but I've never touched it..
Please help me. This is a school project and I'm presenting it today :(
It's unlikely to be the session handler (certainly not the problem if you are using the default handler). Top of my list of things to check is whether you are sending out the right caching information in the authenticated pages (i.e. either no-cache or Varies: cookie).
C.