On every page I see that new session is generated with null userdata
On model constructor
$this->config->set_item('sess_table_name', 'xx_sessions');
Because I want to store this session in another table because the other session table is being used for another login activity
Login function
function login($username,$password)
{
$this->db->where('login',$username);
$this->db->where('pass',$password);
$q=$this->db->get('prof');
// print $this->db->last_query();
if($this->db->count_all_results())
{
$arr=$q->row();
// creating the session
$this->session->set_userdata('login',$arr->id);
$this->session->set_userdata('prof',$arr->profile_id);
// print_r( $arr);
}
else
return FALSE;
}
This login function is on a model. After login and generating the session the page redirects to another page, on that page I see the session builds without any problem but when I move to another page the session losses along with the userdata.
I use the following function to check session data
function print_session()
{
print_r( $this->session->all_userdata());
}
Where I'm wrong ? Tank_auth library and ion_auth library works fine .. I had already used the
Put the session library name into the autoloader configuration, in application/config/autoload.php:
$autoload['libraries'] = array('session');
Then it's available automatically in each controller and everywhere in your application and you get your session data from anywhere:
$session_id = $this->session->userdata('session_id');
And if you don't want to auto load session library then you have to initialize the Session class manually in your controller constructor, use the $this->load->library function:
$this->load->library('session');
For details have a look here:http://ellislab.com/codeigniter/user-guide/libraries/sessions.html
Edit /application/config/config.php and set cookie domain variable
$config['cookie_domain'] = ".yourdomain.com";
It will work!
.yourdomain.com makes the cookie available throughout the domain and its sub-domains.
I have met same problem, and i have searched lots of pages.
I figured out that changing sess_cookie_name solves the problem(new sessions generating issue)
$config['sess_cookie_name'] = 'somenewname'
Related
I am manually modifying some key of Auth session in beforeFilter of AppController.php by this code
public function beforeFilter(Event $event){
//$companyId = $this->Companies->find(.........
$this->request->session()->write('Auth.User.company_id', $companyId);
}
And in various actions of different controller i'm trying to get that stored companyid in session by following way
public function add(){
$companyId = $this->Auth->user('company_id');
debug($companyId); die;
}
When i see the value of $companyId, it is showing older value not updated one in beforeFilter method of AppController. However if i refresh the page and donot modify session again i will get updated $companyId value.
So my question is how can i update the value of Auth session data so that i can get updated value with $this->Auth->user('company_id') code in different places in same request?
The session storage used by the authentication component uses a buffering mechanism, ie the value from the session is usually only read once per request (unless it is being deleted/emptied).
https://github.com/cakephp/cakephp/blob/3.2.8/src/Auth/Storage/SessionStorage.php#L81-L83
So either read the value directly from the session in your controller action, or do not write to the session directly, but to the session storage, something along the lines of
$user = $this->Auth->user();
if (is_array($user) && $user) {
$user['company_id'] = $companyId;
$this->Auth->setUser($user);
}
Here I go what am doing is I am using
Yii::app()->SESSION['userid']
with no
Yii::app()->session->open();
at login
Yii::app()->session->destroy();
at logout
I wanna know if dont do the open and destroy session is it worthy . Does Yii do it internally.
One more strange thing I dont know whats happening. In the same browser for a session I can login for multiple users .. this should not happen so.Is it that i am not using the open and destroy session methods .
public function actionLogout()
{
Yii::app()->user->logout();
Yii::app()->session->clear();
$this->redirect(Yii::app()->controller->module->returnLogoutUrl);
}
Please let me know how do i figure this out
For creating yii session
Yii::app()->session['userid'] = "value";
You can get value like this
$sleep = Yii::app()->session['userid'];
And unset session like
unset(Yii::app()->session['userid']); # Remove the session
In case of user signs out , you have to remove all the session.
Yii::app()->session->clear();
After this, you need to remove actual data from server
Yii::app()->session->destroy();
Don't clear session, only logout:
Yii::app()->user->logout(false);
In YII, the session is handled by 'CHttpSession' class - http://www.yiiframework.com/doc/api/1.1/CHttpSession
Should you use the method 'open()' Yii::app()->session->open(); depends on your configuration. If in the main.php, you have set the
'session' => array (
'autoStart' => true,
), then the Session will be started automatically by YII itself.
You can refer the source code for the method 'init()' here - https://github.com/yiisoft/yii/blob/1.1.16/framework/web/CHttpSession.php#L83
Regarding your question about using the methods 'close()' or 'destroy()', the method 'close()' only unsets the keys of Session but 'destroy' removes the whole session data
Once you craeted session it will allow you in same browser multiple time, i mean for same url it will allow you to login, you can just do it rename your session variable with different name and check that particuller variable to login with that.
Session is a Web application component that can be accessed via Yii::$app->session.
To start the session, call open(); To complete and send out session data, call close(); To destroy the session, call destroy().
Session can be used like an array to set and get session data. For example,
$session = new Session;
$session->open();
$value1 = $session['name1']; // get session variable 'name1'
$value2 = $session['name2']; // get session variable 'name2'
foreach ($session as $name => $value) // traverse all session variables
$session['name3'] = $value3; // set session variable 'name3'
I just want to know if I am able to hand over session variables from Laravel to my custom code. What I mean is: I want to handle log-in through Laravel and pass it to my profile section which is not in Laravel. Most of the routes are handled by a .htaccess file. The goal is to just login with Laravel auth and save that to $_SESSION['user'] var and redirect to /profile. Somehow I don't get that. The session name is the same in both, in Laravel's session.php's cookie name and my custom code's constant. Is there any other factor I should consider ?
Okay here's the code:
namespace Services\Session;
class OldSessionAuth
{
protected $auth;
function __construct()
{
$this->auth = \Auth::user();
}
public function setSession()
{
$_SESSION['user'] = $this->auth->toArray();
$_SESSION['auth'] = 'TRUE';
return true;
}
public function destroy()
{
session_destroy();
session_unset();
}
}
So, this is sort of my Session services, which is initialized only if it passes the Auth from the controller, Now I think I don't need to do that. so I skiped it, Basic Stuffs (Auth::Check()) really. So, I'd just do this in my login method.
$old = new Services\Session\OldSessionAuth();
$old->setSession();
return Redirect::to('/');
The home page is controlled by my custom made MVC and I want to grab the session, which in this case I can't. It shows Array(). There is no session manipulation when retrieving the session.
Laravel already has a pretty good session abstraction so I don't think you needed to use session_start(), $_SESSION etc directly. Sharing an session across two applications is a bit tricky. If you are tied to using the cookie approach, then you have to make sure that the session driver in use is the cookie one. You would also need to ensure that the restrictions on the cookie aren't such that your other application isn't being sent them by the user's browser.
By default, PHP will use a file cookie driver. In this case, what you would have to do in your other application is to read the "PHPSESSID" cookie, set the session ID using session_id() to this and only then would you have access to the session data using the $_SESSION variable in the other application.
This is all pretty hacky though. I would recommend that if you need to share sessions that you make use of a database session driver instead. This way, you are able to share arbitrary session data across applications using a standard interface. In this case, you would just read the "laravel_session" cookie instead to be able to look up the session in the database. There would be many hidden pitfalls if you then wanted to also modify this data from the other application as well though.
I'm new to CodeIgniter and I started to use the session library.
I have autoloaded the session library and trying to save the current user_id to the session userdata array. But the information is gone when I try to read it on an other page..
The native PHP sessions work just fine (tested it), so it must be something from CI.
I programmed a simple test page where I test the following:
Set the session userdata.
Test page shows the userdata correctly.
Uncomment the set session data lines in the code of the controller and reload the page.
Test page doesn't show the userdata.
The code of the controller:
class Welcome extends CI_Controller {
public function index(){
$data = null;
$data['test'] = "Yeeeeh!!";
$this->session->set_userdata($data);
$this->load->view('welcome_message', $data);
}
}
Code of the view:
<?php
echo $this->session->userdata('test');
?>
Why does the view display the session_id and not the "test" variable you created?
Did you test
<?php
echo $this->session->userdata('test');
?>
in the view file?
CI's sessions are cookies, not PHP native sessions. Calling sessions in a view works (IIRC), but since your view is loaded in the same request the session is created, it won't be set.
You need to call it on another request (i.e. another controller), or set the session somewhere else (in another controller, via AJAX could work also), or use native PHP $_SESSION array instead.
I think your actual code is just a test case, otherwise why not just
public function index(){
$data = null;
$data['test'] = "Yeeeeh!!";
$this->session->set_userdata($data);
$this->load->view('welcome_message', $data);
}
in view:
<?php
echo $test;
?>
I have a logout controller in codeigniter :
<?php
class Logout extends MY_Controller {
function index()
{
$this->session->sess_destroy();
redirect('index.php');
}
}
This logs me out but when i call another controller after logging, like "/site/addnewpost",
this just logs me in again, as if the sassion had not been destroyed previously. Why is this happening?
Follow ALex's suggestion, but using CI code:). What I mean, try unsetting each session data individually. I read once about an issue in version 2.0.3 I think, but I don't remember now and I don't have time to search for the reference. It's in their forum, though, and the suggestion was the same: unset each session element one by one.
$this->session->unset_userdata('data_one');
$this->session->unset_userdata('data_two');
$this->session->unset_userdata('data_three');
$this->session->unset_userdata('data_one');
$this->session->sess_destroy();
redirect('home','refresh'); // <!-- note that
//you should specify the controller(/method) name here
You need to redirect because CI's session are just cookies, not the native php session array.
Another thing...make sure the fault isn't in your login methods, which logs you in no matter if you succesfully logout or not!
Try explicitly delete items like this:
$this->Session->delete('User');
$this->Session->destroy();
$this->Cookie->delete("User");
$this->Cookie->destroy();
$this->Auth->logout();
$this->redirect('whereever');
My problem had to do with caching on the server side. The quickest I could fix it was by appending random text to the logout link:
<?php
$this->load->helper('string');
echo anchor('/home/logout/'.random_string(), 'logout');
?>
home/logout contained the same code as function index in the question.
Just so you know the redirect('/', 'refresh') did not work for me, but I again I did a quick test.
I am guessing that the random_string() method can be replaced by outputting headers that force cache to be cleared etc. As you have probably guessed, I can't do that right now as I am super busy. Maybe later.
You can also try manually setting your "logged_in" or whatever you called the session to false. Then, destroying all other session data.
$this->session->set_userdata('logged_in', FALSE);
$this->session->session_destroy();
redirect('index');
first we have to load session library to deal with session than unset the sessionID and destroy the session. I am using this code to unset my session and secure logout.
$this->load->library('session');
$this->session->set_userdata('user_id', FALSE);
$this->session->sess_destroy();
$this->load->view('your URL');