Hope someone could help me with this issue.
We are using AuthClient for Social Signup and Login. Feature is working fine locally on Windows XAMPP (PHP 5.6) but on the server (Amazon Ec2 AMI, PHP 5.6), code is not saving session data.
public function onAuthSuccess($client)
{
//.... COMMENTED CODE
$session = Yii::$app->session;
//Store social info in session
$session['socialClient'] = $_GET['authclient'];
return;
}
When we are trying to access the session data set in the above function in the following Controller Action, the session data is never saved.
Weirdly after hours of research, if we use the PHP standard header() and exit() then it all works, fine.
header("Location: " . $authObj->getSuccessUrl());
exit();
I have tried all the combination, but still no luck.
e.g. return $this->redirect()
I am not sure if its a PHP issue or something to do with YII2 session handling. There are few other screens, where I believe the session is not saving as client has logged few bugs recently related to data loss, while the code logic is fine and works locally.
Any help would be of great help.
Thanks
Try using $session->open();
to open a session first before assigning some values.
Therefore, your code should be like:
`public function onAuthSuccess($client)
{
$session = Yii::$app->session;
$session->open();//Open session.
//Store social info in session
$session['socialClient'] = $_GET['authclient'];
return;
}
You said onAuthSuccess() is an action right? If yes then please use actionOnAuthSuccess(). This might be the reason you are not getting the values in the session because this action was never found.
In their example:
public function successCallback($client)
{
$attributes = $client->getUserAttributes();
// user login or signup comes here
}
Your code:
//Store social info in session
$session['socialClient'] = $_GET['authclient'];
It's a callback function, you wouldn't get any parametes from $_GET.
You may use the variable '$client' to get some data.
Related
EDIT:
I've found the problem, this has been done in some legacy code and for some reason there was a session_write_close() call in a different part of the code which closed the session before i wrote to the session.
I've been making a little php class to write to the session(mostly for single request things) and i've been having trouble writing to the session.
When i write to the session it looks like it's working and i can see it in xdebug, then i try to redirect back to the other page but when i get into the new request it is not saved to the session.
I write to the session like this:
public function flash($key, $value = null)
{
if (is_null($value)) {
return $this->flash[$key];
}
$_SESSION['flash'][$key] = $value;
}
and then redirect like this:
session_write_close();
header('Location: ' . $location, true, $status);
exit;
I can't seem to figure out why the session variable doesn't save, the session_write_close() function returns false so i know it isn't saving. But when i don't use the redirect it does save.
EDIT: the session gets started on every request using session_start()
I hope someone knows what might be happening and can help me.
Thanks in advance :)
EDIT:
With session_status() i get a return value of 1 which according to the documentation means PHP_SESSION_NONE or sessions are enabled, but none exists but i can see that other session values have been set and saved.
I've checked the session id and if it is the same as the one in my cookies, these are identical. I've also tries writing to the session outside the class/method and that also seems to work and i tried to set the header without the statuscode to see if that changed something but it doesn't.
I have checked several questions already and tried everything but it did not help.
I want to use Laravel Sessions to store some data but they don't persist.
The code is something like this:
public function payment (Request $request)
{
$data = "somedata";
$provider = new Provider();
$request->session()->put("data",$data);
$request->session()->put("provider",$provider);
$response = $provider->setExpressCheckout($data);
return redirect($response['paypal_link']);
}
This happens when I open, let's say www.mypage.com/pay
When I use dd($request->sesion()->all()); here, the session has been saved.
Now the user gets redirected to Paypal, does the check out and it gets redirected somewhere in my application.
public function aferpay(Request $request)
{
dd($request->sesion()->all());
}
When this function gets called, the previous url is fine "url" => "www.mypage.com/pay" even though it comes from Paypal, but the rest of the data is not there anymore.
Any help?
Check your session config for any oversights, especially the session domain.
Make sure the session driver is working, and if you are using file sessions make sure the session directory is writable and there's enough free disk space.
Finally, msure you are not accessing mypage.com/pay without www first, and paypal redirects to www.mypage.com/pay and the session doesn't stick because of that - setting .mypage.com as the session domain will fix this.
If all else fails, please attach the set-cookie response headers of your mypage.com/pay page.
I'm trying to manually login the user using this snippet (after verifying the login data of course):
public function loginUser($user) {
$userArray = array('uid' => $user->getUid());
$GLOBALS['TSFE']->fe_user->is_permanent = true;
$GLOBALS['TSFE']->fe_user->checkPid = 0;
$GLOBALS['TSFE']->fe_user->createUserSession($userArray);
$GLOBALS['TSFE']->fe_user->user = $GLOBALS['TSFE']->fe_user->fetchUserSession();
$GLOBALS['TSFE']->fe_user->fetchGroupData();
$GLOBALS['TSFE']->loginUser = true;
//this somehow forces a cookie to be set
$GLOBALS['TSFE']->fe_user->setAndSaveSessionData('dummy', TRUE);
}
If I leave out the "setAndSaveSessionData" Part, the login doesn't work at all, after a page redirect the login data are gone and the user is logged out again. But the setAndSaveSessionData stores the session in a cookie and the user will remain logged in even after closing the browser - which is a behaviour I do not want (not without the user's consent). Is there a way to manually login the user without the "setAndSaveSessionData" part? I'm using Typo3 6.2.12 with extbase and felogin
Thank you very much in advance!
In some TYPO3 6.2.x (I don't remember which x exactly) there was a change introduced, which causes that you need to call AbstractUserAuthentication::setSessionCookie() method yourself... Unfortunately it has protected access so the best way to login user is creating some util class extending it:
typo3conf/your_ext/Classes/Utils/FeuserAuthentication.php
<?php
namespace VendorName\YourExt\Utils;
use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
class FeuserAuthentication extends AbstractUserAuthentication {
function __construct($uid) {
return $this->authByUid($uid);
}
// Authenticates user by uid
public function authByUid($uid) {
/** #var $fe_user FrontendUserAuthentication */
$fe_user = $GLOBALS['TSFE']->fe_user;
$fe_user->createUserSession(array('uid' => $uid));
$fe_user->user = $fe_user->getRawUserByUid($uid);
$fe_user->fetchGroupData();
$GLOBALS['TSFE']->loginUser = true;
$fe_user->setSessionCookie();
return $fe_user->isSetSessionCookie();
}
}
so to login your user by uid you just need to create new object of this class with $uid of fe_user as a constructor's param:
$this->objectManager->get(
'\VendorName\YourExt\Utils\FeuserAuthentication',
$user->getUid()
);
P.S. As you can see this class doesn't check if account exists and/or is enabled, so you need to check it yourself before authentication attempt.
A website is delivered HTTP(S), which is a stateless protocol. This means that something has to be saved on the client computer, because otherwise the server couldn't reliably recognize the user again. There are several ways to do this:
Use a session cookie (The way TYPO3 does it, PHP also does that)
Manually add a session ID to each request on a page, Java-based applications do that sometimes. This breaks if the user leaves the page and comes back later (in the same session, or in another tab without copying a link).
There are probably some more ways, but I can't come up with them right now
So my answer is: Since I believe it is hard to get TYPO3 to switch to another way of setting the session information (would be quite user unfriendly), there is no good way to avoid setting the cookie.
However:
The cookie is a session cookie, which expires when the browser session is ended. So closing the browser and reopening it should end the login, except if the browser restores the previous session when opened. Many modern browsers do this, especially mobile browsers. Ways to get around that:
Use the incognito or private mode of the browser
Set the browser to start a fresh session on each start and make sure the browser terminates when you are finished (again: watch mobile devices).
I'm developing my first phonegap application that is using CakePHP (Croogo) backend.
If I'm sending my username and password via AJAX from phonegap to CakePHP, I can successfully log in with CakePHP's $this->Auth->login(). The User session is generated correctly, I can get back the user data from CakePHP by reading $this->Session->read('User') right after login.
But if I make another AJAX call from my phonegap app to get that User Session, I dont get the value.
So far I thought that if I set a session on server side, it is readable later (from the same browser session), because the browser has the appropriate cookies set.
Now I'm confused, if CakePHP creates a new session for every AJAX call?
public function ajax_login_from_phonegap($user) {
[...]
if ($this->Auth->login($user)) {
$response["user"] = $user;
$response["msg"] = $this->Session->read('Auth.User.username');
//here I got the correct value!
return $response;
}
[...]
}
public function another_action_from_phonegap() {
echo $this->Session->read('Auth.User.username');
// here I have null
}
Am I just missing something or am I thinking wrong?
Thanks in advance for any help!
(Configure::version() = '2.5.5')
I think your problem may be more general than related to CakePHP. When you are logged in, does your phonegapp app keep the session cookie? And do you send that cookie on the second AJAX call?
Sessions works because the client keep track of a cookie containing its session ID and then send it everytime a request is made, this way the server can identify the session and associated it with the corresponding session.
You have set $this->Session->('User') but you are trying to read $this->Session->('Auth.user.username').
I'm wondering if there's a way to dump all of the values of
$this->session->userdata()
so I can troubleshoot?
I'm working within Facebook, and have a login page, and once that's successful I want to pass around the UID of the current user, and I thought this would work well.
I currently have the uid set as follows:
require_once 'facebook.php';
$appapikey = 'XXXX';
$appsecret = 'XXXX';
$facebook = new Facebook($appapikey, $appsecret);
$user_id = $facebook->require_login();
$this->db->like('uid', $user_id);
$this->db->from('users');
$has_signed_up = $this->db->count_all_results();
if ($has_signed_up == 0) {
redirect('/setup/signup/', 'location');
}
else {
$this->session->set_userdata('uid', $user_id);
redirect('/preferences/index/', 'location');
}
So the redirection occurs, and I have a very simple setup over at preferences/index:
echo "this is the preferences form <br />";
echo $this->session->userdata('uid');
echo $this->session->userdata('session_id');
And the result is an inscrutable:
this is the preferences form
858f500e167e359edc1942a96f3bac35
So it totally skips over the middle echo containing the uid. Am I not setting this correctly? Is there a way to dump all values of the session array to see what's getting through? Any help would be just great.
UPDATE
I have run var_dump($this->session->userdata) on each the raw website and through Facebook.
On the website it exposes all set values in an array containing 5 values (session_id, IP, User_agent, last_activity, and uid).
Within the Facebook chrome however, it only shows the 4 values set by CodeIgniter. I've heard cookies can only be 4k and that encryption could be a problem. Could FB be filling up cookies with its own encrypted (read:larger) data?
UPDATE 2
When I comment out the redirect, and just have:
else {
$this->session->set_userdata('uid', $user_id);
echo ':test_'.$this->session->userdata('uid').'_test:';
//redirect('/preferences/index/', 'location');
}
It dutifully returns :test_1234_test: within Facebook. So somewhere during the redirect it's losing this part of the array (but not the whole array).
Is it possibly just creating a new session on the redirect page? So that's why it only has the four "stock" variables? If this is the case, I'll need to research how it creates the sessions, and if Facebook clears cookies I suppose.
UPDATE 3
So I've turned to using a DB to store session information instead of cookies, thinking FB was either stripping them or colliding with them. I currently have the app set up to
Set $user_id = 1234
$this->session->set_userdata('uid', $user_id)
Redirect to the new page
Var_dump all possible information
What occurs in the DB is this:
DB records http://nikolausjj.facebook.joyent.us/Picture2.png
So it creates one good record, with the user data, then immediately upon the redirect creates a new session without recognizing the prior one. Can someone explain where the CI framework checks to see if it has a prior session existing? The user manual explains it as "magic" basically.
You can use var_dump() to output the session. Something like this
var_dump($this->session);
The set_userdata call looks ok. Are you sure $user_id is set. Because the echo is surley executed but uid isn't set or set to empty string.
Try replacing the echo with
echo ':test_'.$this->session->userdata('uid').'_test:';
Other information helpful for answering
What browser are you using?
Do you have an underscore _ in your domain name?
Are you using CI sessions or some wrapper for native PHPsessions
Is the value for uid also lost/not set when you comment out the redirect?
Other suggestions:
try redirect('/preferences/index/', 'refresh'); instead of location
I'm not familiar with facebook development but is /preferences/index under your control? If yes try removing (if present) $this->load->library(‘session’) and instead load it in autoload.php.
try changing $config[‘sess_match_ip’] to `FALSE
try setting $config[‘sess_encrypt_cookie’] to FALSE
try replacing the use of CI-Session with CI Native session
Is UID sensible information if not store it in a cookie. If it matters if it can be spoofed don't.
I didn't solve how to pass session variables from one page to another via Facebook. My solution was simply to call the Facebook API for the user's UID again on each page. Not great programming, but it works alright for me. :-/