I am using ZF2 authentication. It writes the authentication credentials into the storage properly.
Also I can see my session variable being set (checked by print_r($_SESSION)).
My doubts are:
1. the function, hasIdentity() from AuthenticationService.php always returns false even if the authentication is successful As a result I can't log in.
In my config/autoload/global.php I have config like this:
'session' => array(
'config' => array(
'class' => 'Zend\Session\Config\SessionConfig',
'options' => array(
'name' => 'testsuitestudio',
'remember_me_seconds' => $lifeTime,
'gc_maxlifetime' => $lifeTime,
'gc_divisor' =>1,
'gc_probability' =>1,
'cookie_lifetime' =>$lifeTime,
'cookie_domain' => $subDomainVar,
'cache_expire' => $lifeTime,
'save_path' => $sessionDirectory
),
),
'storage' => 'Zend\Session\Storage\SessionArrayStorage',
'validators' => array(
array(
'Zend\Session\Validator\RemoteAddr',
'Zend\Session\Validator\HttpUserAgent',
),
),
),
2. If I comment out :'cookie_domain' => $subDomainVar, from the above array, it works fine.
What could be the issue?
Related
I have application base on Zend framework 2. I have a form with CSRF field. If I fill the form and submit after around 5 minutes it gives me The form submitted did not originate from the expected site validation error.
So I assumed it might be some issue with session configurations. Then I added options to SessionConfig on module.config.php as follows
'session' => array(
'remember_me_seconds' => 2419200,
'use_cookies' => true,
'cookie_httponly' => true,
'cookie_lifetime' => '2419200',
'gc_maxlifetime' => '2419200'
),
But the problem still exist. Do you know how to fix this issue ?
--Update--
My form class contains the CSRF element as follows,
$this->add(array(
'type' => 'Zend\Form\Element\Csrf',
'name' => 'security',
'options' => array(
'csrf_options' => array(
'timeout' => 20000
)
)
));
None of these seems to work.
The Csrf system under ZendFramework configures the session duration from the parameter stored in the configuration of the Csrf element under the timeout key as shown in the following example :
$form->add([
'type' => Element\Csrf::class,
'name' => 'csrf',
'options' => [
'csrf_options' => [
'timeout' => 600,
],
],
]);
Put the session config under the config key as shown in the following example :
'session' => [
'config' => [
'class' => Zend\Session\Config\SessionConfig::class,
'options' => [
'name' => 'SID',
'use_cookies' => true,
'cookie_httponly' => true,
'remember_me_seconds' => 2419200,
],
],
]
I'm using zf2 apigility in my web application. With production mode, if config_cache_enabled is true in config/application.config.php, I get this message error when requesting access_token:
The storage configuration for OAuth2 is missing
If I set it to false, I get my access token.
So my problem is to have config_cache_enabled set to true and a successful request for getting the access token in production mode, due to best performance when configuration is cached. How to do that ?
This is my zf-mvc-auth configuration :
'zf-mvc-auth' => array(
'authentication' => array(
'adapters' => array(
'CustomStorage' => array(
'adapter' => 'ZF\\MvcAuth\\Authentication\\OAuth2Adapter',
'storage' => array(
'storage' => 'Application\\Adapter\\OAuth\\CustomPdoAdapter',
'route' => '/oauth',
),
),
),
),
),
This is my oauth2.local.php :
'zf-oauth2' => array(
'db' => array(
'dsn' => 'mysql:dbname=mydatabase;host=localhost',
'username' => 'root',
'password' => '',
),
'allow_implicit' => true,
'access_lifetime' => 3600,
'enforce_state' => true,
'storage' => 'Application\Adapter\OAuth\CustomPdoAdapter',
'storage_settings' => array(
'user_table' => 'users',
),
'options' => array(
'always_issue_new_refresh_token' => true,
),
),
I think it is well configured.
Did you setup your zf-mvc-auth correctly. In the module.config.php you can read that you have to define a storage key. There is also written how you can do this:
To specify the storage instance, you may use one of two approaches:
Specify a "storage" subkey pointing to a named service or an array
of named services to use.
Specify an "adapter" subkey with the value "pdo" or "mongo", and
include additional subkeys for configuring a ZF\OAuth2\Adapter\PdoAdapter
or ZF\OAuth2\Adapter\MongoAdapter, accordingly. See the zf-oauth2
documentation for details.
If you are on production mode and "config_cache_enabled" it's true, you need to delete files on data/cache folder
Last weekend I was trying to troubleshoot a bug on a website where the Session was not being preserved in IE - today I went to do further work on the site on my laptop, and I could no longer log in -invariably I have done something incredibly stupid.
I'm using xampp on a Windows laptop, and working on localhost, and this occurs in all browsers. I am not very experienced with troubleshooting these kinds of problems - I have been able to ascertain the following:
The user is able to login (Auth->login() successfully logs the user in), the issue is the Session is gone when they are redirected
I can see the Sessions being written in my /tmp/ dir containing (what looks to be) the correct data
I can create my own stupid cookies and their values persist
No other cookies exist for the site
So, it would appear to me that the Session cookie is not being set, but I have run out of ideas as to why this might be occurring. I haven't changed any cookie related browser settings (outside of enabling cookies in IE), and I have double checked my Chrome cookie settings. I have also, as I mentioned, written some junk cookies in AppController, and I can see them created, and their data persists.
If I call $_SESSION after login(), everything looks great, but if I print $_SESSION before logging in, it's empty.
I am quite sure I have managed to do something retarded, but I have run out of ideas as to what it might be. I have restored my /app/core.php to be the Cake defaults:
Configure::write('Session', array(
'defaults' => 'php'
));
My login() function looks essentially as follows:
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again.'));
}
Auth settings in AppController:
class AppController extends Controller {
public $components = array(
'Session',
'Cookie',
'Acl',
'Email',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email', 'password' => 'password')
)),
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
'loginRedirect' => array('controller' => 'users', 'action' => 'dashboard'),
),
);
And example output from printing $this->Auth->user(), $_SESSION before the redirect in login():
\app\Controller\UsersController.php (line 203)
array(
'id' => '10',
'name' => 'super',
'is_active' => '1',
'email' => 'super#test.com',
'group_id' => '3',
'address' => '3',
'phone' => 'xxxxx',
'category' => 'P',
'communication_in' => 'E',
'created' => '2014-11-29 16:27:19',
'modified' => '2014-11-29 16:27:19',
'Group' => array(
'id' => '3',
'name' => 'Administrators',
'created' => '2014-11-16 21:01:35',
'modified' => '2014-11-16 21:01:35'
)
)
\app\Controller\UsersController.php (line 204)
array(
'Config' => array(
'userAgent' => '4af162a3a94462226b6e93c6806203aa',
'time' => (int) 1417317929,
'countdown' => (int) 10,
'language' => 'eng'
),
'Auth' => array(
'User' => array(
'id' => '10',
'name' => 'super',
'is_active' => '1',
'email' => 'super#test.com',
'group_id' => '3',
'address' => '3',
'phone' => 'xxxx',
'category' => 'P',
'communication_in' => 'E',
'created' => '2014-11-29 16:27:19',
'modified' => '2014-11-29 16:27:19',
'Group' => array(
'id' => '3',
'name' => 'Administrators',
'created' => '2014-11-16 21:01:35',
'modified' => '2014-11-16 21:01:35'
)
)
)
)
Last created session file:
Config|a:4:{s:9:"userAgent";s:32:"4af162a3a94462226b6e93c6806203aa";s:4:"time";i:1417317929;s:9:"countdown";i:10;s:8:"language";s:3:"eng";}Auth|a:1:{s:4:"User";a:12:{s:2:"id";s:2:"10";s:4:"name";s:5:"super";s:9:"is_active";s:1:"1";s:5:"email";s:14:"super#test.com";s:8:"group_id";s:1:"3";s:7:"address";s:1:"3";s:5:"phone";s:10:"xxxxx";s:8:"category";s:1:"P";s:16:"communication_in";s:1:"E";s:7:"created";s:19:"2014-11-29 16:27:19";s:8:"modified";s:19:"2014-11-29 16:27:19";s:5:"Group";a:4:{s:2:"id";s:1:"3";s:4:"name";s:14:"Administrators";s:7:"created";s:19:"2014-11-16 21:01:35";s:8:"modified";s:19:"2014-11-16 21:01:35";}}}
Facepalm of the day:
Many hours later, I finally thought to check phpinfo(), and of course, the session.cookie-domain was set to the remote site. I suppose at some point last week I edited the wrong PHP ini file.
Yii version 1.1.8
I have added a column to a table in a mysql database,
but the new column is not showing in output of $model->getAttributes() method call
I deleted all files in protected/runtime folder, but still no column
config: 'schemaCachingDuration' => 0, // in seconds. <1 means off
I can add data to the new column directly in the database.
Are there any other things that I can do to debug this?
index.php
<?php
// change the following paths if necessary
$yii=dirname(__FILE__).'/../../framework/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';
// remove the following line when in production mode
//debug
defined('YII_DEBUG') or define('YII_DEBUG',true );
//show profiler
defined('YII_DEBUG_SHOW_PROFILER') or define('YII_DEBUG_SHOW_PROFILER',true);
//enable profiling
defined('YII_DEBUG_PROFILING') or define('YII_DEBUG_PROFILING',true);
//trace level
defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',0);
//execution time
defined('YII_DEBUG_DISPLAY_TIME') or define('YII_DEBUG_DISPLAY_TIME',false);
require_once($yii);
Yii::createWebApplication($config)->run();
main.php
<?php
return CMap::mergeArray(array(
'timeZone'=>'UTC',
'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',
'catchAllRequest' => null, // null if online, array('site/offline') if offline,
'sourceLanguage' => 'en_ca',
'theme' => 'td',
'charset' => 'UTF-8',
'preload' => array('log'),
'import' => array(
'application.models.*',
'application.components.*',
'application.extensions.*'
),
'modules' => array(
),
// application components
'components' => array(
'format' => array(
),
'user' => array(
// enable cookie-based authentication
'allowAutoLogin' => true,
'autoRenewCookie' => true,
),
'widgetFactory' => array(
'enableSkin' => true,
),
'urlManager' => array(
),
),
'db' => array(
'class' => 'CDbConnection',
'connectionString' => 'mysql:host=localhost;dbname=mydb',
'emulatePrepare' => true,
'initSQLs'=>array("set time_zone='+00:00'"),
'username' => 'root',
'password' => '',
'charset' => 'utf8',
'tablePrefix' => 'tbl_',
'enableParamLogging' => true, //show parameter values in log
// 'schemaCachingDuration' => 0, // in seconds. <1 means off
'enableProfiling' => YII_DEBUG_PROFILING, //show sql profile info in log
'nullConversion' => true,
//'initSQLs'=>array('set time_zone="+00:00"')
),
'errorHandler' => array(
),
'log' => array(
'class' => 'CLogRouter',
'routes' => array(
array(
'class' => 'CFileLogRoute',
'levels' => 'error, warning',
'filter' => 'CLogFilter',
'enabled' => !YII_DEBUG
),
array(
'class' => 'CPhpMailerLogRoute',
'levels' => 'error',
'emails' => 'neilmcguigan+tderror#gmail.com',
'filter' => 'CLogFilter',
'enabled' => false,
),
array(
'class' => 'CWebLogRoute', // show log messages on web pages
'enabled' => YII_DEBUG,
'filter' => 'CLogFilter',
//'showInFireBug' => false
),
array(
'class' => 'CProfileLogRoute',
'enabled' => YII_DEBUG,
'showInFireBug' => false
)
),
),
'request' => array(
),
'securityManager'=>array(
)
),
// application-level parameters that can be accessed
// using Yii::app()->params['paramName']
'params' => array(
),
), require(dirname( __FILE__ ) . '/override.php'));
Having just went through this problem -- I found out the new field names need to be in the attributeLabels function in the model
public function attributeLabels()
{
return array(
'id' => 'ID',
'newfield' => 'New Field',
...
Be careful with using the "better still update overwrite your whole model" suggestion if you are like me and have a lot of custom code in your models. As Sankalp Singha suggests, Just copy the "diff" (green part) from using gii and add the part from attributeLabels to your code.
After you have added a new column in your table then just go to Gii and then click on model generator. In that put the name of your table again and then click preview. There would be an option of diff click on that and then copy the highlighted green code and copy paste it in your original modal or better still update overwrite your whole modal. Then check if you are able to get the values inside and are able to get the attributes. This should work.
I'm attempting to use the session database with Kohana 3.
I have setup the mysql database as described here: http://kerkness.ca/wiki/doku.php?id=sessions_and_cookies
I am setting session variables like so:
Session::instance('database')->set('uid', $user_id);
However when I go to fetch the data back later on a different page or refresh it returns NULL.
Session::instance('database')->get('uid', NULL);
But if I put them right next to each other it works fine... i.e.
Session::instance('database')->set('uid', $user_id);
Session::instance('database')->get('uid', NULL);
Any ideas as to why this is happening?
I have also setup session.php in my config folder which looks like this:
<?php
return array(
'cookie' => array(
'name' => 'cookie',
'encrypted' => TRUE,
'lifetime' => 43200,
),
'native' => array(
'name' => 'session',
'encrypted' => TRUE,
'lifetime' => 43200,
),
'database' => array(
'group' => 'default',
'table' => 'sessions',
),
);
?>
Cheers,
Thomas.
Update the session.php file to look like this:
<?php
return array(
'cookie' => array(
'name' => 'session_cookie',
'encrypted' => TRUE,
'lifetime' => 43200,
),
'native' => array(
'name' => 'session_native',
'encrypted' => TRUE,
'lifetime' => 43200,
),
'database' => array(
'name' => 'session_database',
'group' => 'default',
'table' => 'sessions',
),
);
?>
Problem was by default the sessions are called 'session'.
So I renamed each adapter and it has fixed the issue.