Laravel sessions regenerating on every load - php

I'm having a lot of problems and I really can't seem to find a solution.
Yesterday, I finished up doing some work on a vagrant box in Laravel. When I shut down the computer, login functionality was working fine.
On opening everything up today I find sessions are no longer working.
I've tried everything I can think of but I cannot log in now and flash data doesn't work.
Every page load a new session is created - e.g using the native driver, if I login, it creates two sessions - one for the login page, and one for the posted login page.
If I use a database driver I get the same result. Every time I click login, I get a further two rows of session data
I can't tell what's happening with the cookie driver but I've tried it and it's not working.
I've tried in Chrome and IE and neither will login. I've tried deleting the contents of the storage folder multiple times, and emptying cookies on the browser side. I did think it may be to do with the time being different on the vm and the local machine but they're synchronised.
Any ideas what could be causing this? Anyone come across this issue before?
edit: I've also now recreated the virtual machine and the problem still exists
second edit: I've now started from scratch using a digitalocean VPS with the same results.
I've stripped out everything in my routes file and all it now has is the following
<?php
Route::get('/sess/set/{value}', function($value) {
Session::set('testv', $value);
Return 'Set ' . $value . ' - ' . Session::get('testv');
});
Route::get('/sess/get', function() {
Return 'Get ' . Session::get('testv');
});
I visit the first page and it shows whatever value I put into the session. Hit the second page and you only get the 'Get ' part without any session value.
session_attributes always has a _token field, I've tried changing the name of the session and the domain and still can't get sessions to work.
edit3: for anyone who comes across this, I never identified the issue. I started a completely new project, copied my controllers and views across, recreated my routes file and everything is now working - although I'm half expecting to be updating this post tomorrow to say it's broken again!

My problem was that I had echo statements in my function. It was keeping the session from being properly created/stored.
I had an echo before my 'return Redirect' so the redirect didn't get the session...
public function login()
{
// auth
if (Auth::attempt(Input::only('email', 'password'), true))
{
return Redirect::route('companies.index');
}
// failed -> back to login
return Redirect::back()->withErrors(['email' => 'Login failed.'])->withInput();
}
Details: http://brainwashinc.com/2014/02/17/laravel-sessions-not-working-in-4-1/

I had this exact problem and with almost identical environments as well. As you experienced as well what ended up working for me was starting a totally fresh Laravel 4.1 project and then copying everything over. However I did also find that by changing one config variable I was able to fix the problem:
In /app/config/session.php change the lifetime config item to something higher than 0. This fixed the issue for me.

I had this same issue and already changed my session values to the 4,1 version. I logged into our server and ran the composer update command, after it finished everything worked fine.
composer update

I spent a whole day with the same issue (session regenerated with almost every request), and could not find anything helpful online. Posting this here in case somebody has the same issue.
Basically the problem was that the session cookie was not set correctly due to template errors. So if you run into this, first check that the session cookie is set with every request via http headers.
In my case I wrongly used something like this in some of my templates:
#section('test')
<p>Some content here</p>
#endsection
This is wrong!
In Laravel 4 it needs to be #stop instead of #endsection:
#section('test')
<p>Some content here</p>
#stop
Using #endsection made the app not finish correctly, so no session cookie was set. There is no trace of anything being wrong in the logfiles however. BTW, this kind of error also leads to after-filters not being applied.

I also has this problem, and it turned out to be with outputting data early - I was already echoing some debug text in the controller action, and then tried setting a session variable for the first time - the session just wouldn't persist, and kept recreating each time - once I removed the output, it worked fine (and fine from then onwards)

I upgraded from Laravel 5.1 to 5.2 and had the issue of numerous sessions being created on every page load. It didn't matter which session driver I used, nor did changing anything in config make it work. (I tried every suggestion on every StackOverflow result produced by Google.)
The solution for me: remove "web" middleware from your routes. Apparently, web middleware is included automatically in 5.2+, so if your routes ALSO specify it, you wind up with multiple sessions being generated.

There are many reasons this can happen, I just ran into this problem myself. The fix for me was to change:
public function getAuthIdentifier()
{
return $this->username;
}
to
public function getAuthIdentifier()
{
return $this->getKey();
}
on the User model.

I've experienced issues related to this. The session file wasn't created every time but sometimes I just can't get the session variable displayed. After hours of experiments I found that the problem was related to Debugbar.
If you're using Debugbar and having session issues, disable it and try again to confirm. There's an issue reported here.

Related

Codeigniter deletes the session I wrote after refreshing the page

I am using Codeigniter. I have not encountered such an error in a long time. In my login function inside my login controller, I want to print an array returning from the Login Model to the session. I also use Elephant.io. $this->session->set_userdata($validate); $client->emit('form_data', ['success' => $this->session->all_userdata()]); when I write the array named $validate to the session, it sends all the data of the session to nodejs with emit at the bottom and there I'm printing to the console.
So when I send $this->session->all_userdata() with emit I can see the data in the $validate array. For your information, the issue has nothing to do with NodeJS. However, when I refresh the page, all the data I have written in the session is deleted. As a solution, I tried $this->session->set_userdata('uid', $validate) instead of $_SESSION['uid'] = $validate and it didn't work. I've read articles on various sites about this topic on the internet or looked at the same problems and solutions on stackoverflow and similar platforms, but there was no solution to my problem. In the same controller in the construct function $this->session->set_userdata('uid', 'test'); print_r($this->session->all_userdata()); die();When I print this the 'test' data is not deleted even if I refresh the page hundreds of times. So it works inside the construct. I am calling session library in Construct.
I haven't been able to solve this problem for 2 days now, I've reached the stage of going crazy. I have explained my problem at length here, I hope a solution is found. I am using the latest version of Codeigniter. My PHP version is 7.3.11 I am using Ampps as apache server. Thanks to everyone who has helped so far <3

PHP How to stop Chrome loading a page twice

Note: I have updated and rewritten my question to try and solve this issue point by point. Cheers.
I have a problem and I'm not immediately sure how to go about resolving it.
I have been building a secured login system on a HTTPS server (with a grade of "A" by SSL-labs, if that's worth anything ), and it works fine, however today it is refusing to log me in, with some debugging I have found something very odd (in my view).
I have some serious issues with session handling on the website, the different pages use the same session data (of course) and the same session /cookie settings, and they pass the information between each other correctly, BUT the behaviour of my browser appears to be as if there are two browsers visiting the same websites, using the same session data.
Symptoms - Because I have been having inconsistencies with page generated session content (unique hash token) not fitting the same data saved in the login form (as a $_POST value), I was finding that as there is only one line in the whole site that sets the value of the session, this line must be running twice. So I set a counter value in the session, on the form page as session['counter']. each time the page loads, the counter +1's. My problem is specifically with this:
Login page:
Opens page,
session hash-string is generated and saved to the post form.
session counter = counter + 1;
Form is filled in.
Login auth' page:
fails to verify the posted hash-string is the same as the session hash
string, despite there being no other cause for the session values to
change (well there must be, but I can't see it!)
But, then going back to the Login Page I see that the counter = last value + 2! Also, the counter value recorded on the session file saved on the server is always +1 to the value displayed on the login page.
Some images:
Login Form Page: Please note that this is above the HTML output and is the last place on the code where any SESSION data is edited.
Output :
Please note the number relating to the counter in image 1.
My session file, this file relates to this specific browser session and only 1 session file as I am the only browser on the site.
The string CheckDrop is the hash value to compare but the counter is at 12 rather than 11, which is displayed in image 2 above.
My site is HTTPS authed although this work is on a subdomain.
This issue has been happening for the last 3 hours but inconsistently, it magically worked for about 40 minutes earlier today (just before posting this post). but I had done nothing I could see as changing the environment.
I have previously compared phpinfo data and session setup data it all looks correct at point of browser output. It does not seem to be caused by my settings.
It happens on different browsers on my PC.
Further Work
After spending hours debugging and working through this, it appears to be a browser issue. I have renamed the pages (one page was called index while it was not defined in .htaccess as the directory listing page which may have possibly caused a browser to open it twice).
I have cleared all associated data: sessions / database records / browser history, and have come across something:
Firefox now logs in as expected, the counter is count+1 and the login works, however on Chrome the exact same log in on the same pages does not work and the browser appears to load twice, the counter = counter + 2. Chrome also leaves two records in the database at each load rather than the expected one.
Chrome version 45.0.24
Firefox version 42.0
Page double counts and runs script twice on Safari and Chrome. On Firefox, Opera and MSIE it works as intended.
Any ideas why this is occurring?
How can I go about trying to solve this problem?
The original issue was caused by the naming of the webpages, there was a webpage named "index.php" but this page was NOT the index, instead "loggedIn.php" was the index page for the site, as defined in .htaccess
Having an index.php page that was not an index seemed to confuse a lot of browsers. This [part of] the issue was resolved by renaming all the pages and setting an index.php page that used PHP headers to redirect people to the suitable page (based on if logged in or not) .
The issue remained with Chrome and Safari.
After a long time reading lots of issues about Chrome, the solution was frankly pathetic,
https://code.google.com/p/chromium/issues/detail?id=64810
This link lists various issues relating to this problem of Chrome double loading, if certain markup elements are not present. As my page above are very simple, there wasn't a lot that applied, but Google Chrome will silently request the favicon.ico file and then if it doesn't find it, will reload the page but only output the first page (from Chrome memory cache).
This is an epically stupid bug in Chrome that has cost me most of a day. Safari still persists in loading the PHP script twice,
I might be a little late to the party, but I've found another reason why this was happening for me. I created the following page:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
error_log('Loaded');
?>
</body>
</html>
Even this minimal page was loading twice, but only in Chrome, so I started investigating, and found Mendeley Web Importer Chrome extension to be causing this behaviour. Simply disabling it solved the issue for me.
I suppose your problem is with Internet Explorer... I had the same problem and I discovered, with incredible surprise and shock, that internet explorer 10 will send a different "user agent" value, from request to request.
When I saw it for the first time I was really impressed by the absurdity of the fact, but that's completely sure. I tested it very deeply and you cannot trust the Internet Explorer "user agent" string to be the same from request to request.
I had to remove that string from the hashing login string

Wordpress WP Session Manager variables not always being set

I have an issue with the above plugin (WP Session Manager) where the session variables I set, are not always set. I know the PHP I'm using to set the variables is correct as they do work sometimes. But for example, I can have them working perfectly fine and echo'ed out to the screen as a test, then I 'logout' and blank all the variables by setting them to "", then log back in (and set them again) but they do not get echo'ed out this time, meaning they must not be set.
I know one works for definite, as it is used to see if the user is logged in or not, and I only get asked to log in on my site once, I can navigate around pages etc, close the browser and I'm only asked to log back in when I use my logout button to blank the variables.
Does anyone know what might be causing this please? Or is it going to be something very hard to diagnose?
Don't know if it will help or not (to fix the issue), with regards to editing the session timeout time, I see that there is the info on the FAQ page of the plugin, saying that it can be edited using this filter
add_filter( 'wp_session_expiration', function() { return 60 * 60; } ); // Set expiration to 1 hour
But where is this filter found/edited or added?
Hope someone can help with the problem :)
Thanks!
I have fixed this now. Redirecting to a different page instantly was causing an issue, waiting for 1 second before doing the redirect allowed the variables to be set.

non-dev user always has ID 0

I have ran into a serious problem that must be resolved before continuing with the development.
My boss created the app, for him it works exactly as expected - the user is logged in, the data is accessible, everything works. BUT for every other user, $facebook->getUser() ALWAYS returns 0, no matter what. Obviously, I'm logged into facebook, there is also a login link in the app, but clicking it doesn't work, nothing changes.
This problem only occurs for users that are not in any way connected to the app!
I confirmed my developer request to that app a few days ago and it now works for my account, before that it did not work, not for me, not for any other user we tried, no matter if the app was public or in dev mode, which technically shouldn't matter for authentication.
We tried many things, eventually existing code shared on the internet, like the code from the bottom of this article: http://www.thegeekstuff.com/2014/03/develop-facebook-app/
(with our own app ID and secret, of course)
Not that it changed anything, but just to give you a ready code example.
Even if I deleted everything below "$user = $facebook->getUser();" and just put echo $user; die(); after that, it always showed the user ID as 0.
Another thing I've noticed that might help in solving this problem is the following: with the same code from the article, my boss' session contains several variables at all times, but when I open the app with a non-dev user, at first there is only the "fb_app-id_state" variable, and when I refresh the page, it gets deleted and session is empty. If I refresh the page again, the variable is created again with a different value, another refresh and it's gone again, and so on.
After a day of trying to get this shit to work with PHP, I switched to the JS SDK. Apparently it also doesn't work, however, I have yet to receive specifics from my boss since I don't have a fake account to test it myself.
The obvious question is: what is going on and why isn't the authentication working as expected?
Edit: my code - http://pastebin.com/qCPtfTHs
You need looking for app settings. Only owner, app admin, dev, can use your aplication on sandbox mode. All other users this app dont work or work buggy. Remove test mode, and put out app in live mode.

Firebug destroying session variables in Codeigniter application

Well I m having strange problem here. I have a codeigniter 2 web application which requires user login.
My session works perfectly when I jump from one page to another. But when I turn on Firebug and try to jump to another page, i m kicked back to login page.
This happens always everytime I turn firebug on, but works okay if its not turned on. I have no clue whats going around.
Why Codeigniter session is not working when Firebug is turned on?
Any help will be highly appreciated.
Edit:
I have two separate applications made with Codeigniter. Both have same issue.
P.S. I am facing this problem in my local machine, haven't checked in remote server.
Thanks,
Sabin
if you have the session filtering by user agent that's the problem. firebug adds additional stuff which can cause CI to think your session has been hijacked.
if you have firebug on globally, you may notice some sites tell you to disable the plugin for their site(for example gmail) for that very reason.
Also, if the sessions are not setting try a couple different values in cookie_domain. Setting it to empty did the trick to me. It appears that codeigniter tries to fill in the value for you ($config['cookie_domain'] = "";)

Categories