I am very new to CakePHP and the whole MVC framework. My question is where is the best place to incorporate sessions in my website.
I want to start a session as soon as a user visits the site and check if it is valid and if the user is logged in (via a session attribute) before each call to a controller.
Should I be placing the logic to check for a valid session in the AppController? if so how can I do that because nothing instantiates the AppController so I cannot use $this->html->session().
Many Thanks
You are on the right track, but take another look at the documentation on Sessions.
You want to be using $this->Session->read/write/check/etc
Cakephp will always start a session if you've included the Session component and for the most part this is exactly what you want. In the AppController you only need to tell CakePHP to use the Session component.
Something like this...
public $components = array(
'Session',
'RequestHandler',
'Cookie'
);
And then include the helper as well...
public $helpers = array('Html', 'Form', 'Session');
Now you're ready to rock.
To store a value in the session :
$this->Session->write("myvalue");
to read a value from the session:
$this->Session->read("myvalue");
You can also check if a value is set using :
$this->Session->check("myvalue");
You can also use beforeFilters in your controller to block access to the controller:
public function beforeFilter(){
parent::beforeFilter();
if(!$this->Session->check("id")){
$this->redirect("/users/login");
}
}
Alternatively just wrap the above in a private method and call the method on the first line of all the actions you want to control access to.
Related
I have to use the session in cakephp helper.
To read the session is possible in helper but write session is not.
I don't know how to do it.
Can anyone tell me?
Basic problem is that:
I have created one custom helper which call several times in view for single request.
Suppose helper has called for 5 times.
In helper for textarea some random id has going to be assign.
I need to collect those ids in some variable and then use it for the js function.
If you have new idea related to this problem then please share.
I have added the "session helper" in my custom helper.
Thanks!!!
You can extend SessionHelper , for that place a create a ExtendSessionHelper.php in View/Helper
and add following code in it.
App::uses('SessionHelper', 'View/Helper');
class ExtendSessionHelper extends SessionHelper {
public function write($name, $value = null) {
return CakeSession::write($name, $value);
}
}
Use following code in helpers array of controller to use this helper
var $helpers = array( 'Session' => array('className' => 'ExtendSession'));
I am using Yii framework for my application. My application contain 4 controllers in which I want to pass value from one controller to another.
Let us consider site and admin controller. In site controller, I manage the login validation and retrieves admin id from database. But I want to send admin id to admin controller.
I try session variable, its scope only within that controller.
Please suggest the possible solution for me.
Thanks in advance
You want to use a redirect:
In the siteController file
public function actionLogin()
{
//Perform your operation
//The next line will redirect the user to
//the AdminController in the action called loggedAction
$this->redirect(array('admin/logged', array(
'id' => $admin->id,
'param2' => $value2
)));
}
in the adminController file
public function loggedAction($id, $param2)
{
//you are in the other action and params are set
}
I implemented security according to this tutorial:
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application
What I want it to do is if a user issues a request and isn't logged in, they are presented with the login page and then redirected back to their original request.
I think I need to add code in app_controller.php (the top level controller) to save the initial request as maybe a session variable, and then add a line at the end of this function in the users controller to redirect to the saved value:
function login() {
if ($this->Session->read('Auth.User')) {
$this->Session->setFlash('You are logged in!');
// redirect to referrer here
}
}
Am I on the right track here?
you could do a quick search... Take user back to previous page after logging in?
So from dogmatic's linked thread, it looks like all I needed to do is replace this line from the tutorial:
$this->Auth->loginRedirect = array('controller' => 'alerts', 'action' => 'index');
with this:
$this->Auth->loginRedirect = array('controller' => 'alerts', 'action' => 'home');
I presume you've spent enough time with CakePHP to do steps below. Here is the solution;
Add the Auth and Session components to AppController's components (if you
haven't done). From now on all of your controllers able to use of
Auth and Session functions.
Override the beforeFilter() function of the UsersController (or similar controller
to manage user actions) with that one-line-of-code;
$this->Auth->loginRedirect = $this->Session->read("Auth.loginRedirect");This
code should be placed into function since PHP doesn't support function calls into
variable assingment.
After that, to prevent mistaken redirection to already redirected pages, also add that line to the
UsersController's beforeFilter() function;
$this->Session->write('Auth.loginRedirect', "/");
The above code is not required if you sure that done step 4 for every controller.
Override the beforeFilter() function of
the controller that you wanted to get back there after login with
that one-line-of-code;
$this->Session->write('Auth.loginRedirect', Router::url(null,
true));.What this code does is simply writing the fullbase of
controller/action[/param1...] URL (be careful with the parameters
btw) to the Session with Auth.loginRedirect name.
PS: Read jocull's comment to find out why I didn't use the $this->here.
I have an edit action in the users controller. What I want to do is redirect anyone to a different action if their Auth.User.id does not equal the id of the user they are trying to edit.
I can access variables in my views like this:
if($session->read('Auth.User.id') != $id){
but this doesn't work in my controller. Getting:
Undefined variable: session
How do I access session data within a controller? also, if any has a better way of achieving what I want to do, feel free to add!
Thanks,
Jonesy
You must first add Session as a component in your controller:
var $components= array('Session');
You can then access it in your methods via $this->Session
You can read Session data in a controller with $this->Session->read('Auth.User.id'); The CakePHP Session component, if I remember correctly, is automatically loaded into all controllers unless you have defined the default components elsewhere. If $this->Session is undefined, include it into your $components array in your controller like var $components = array('Session');
It's important to note that Helpers are not the same as Components. Generally speaking, Components are extended functionality for your Controller. Whereas Helpers are extended functionality for your view.
For a complete look at all possible methods, the CakePHP Cookbook will be invaluable for you! http://book.cakephp.org/view/1310/Sessions
i'm trying to work out how i can stop zend or redirect zend to go to a different zend controller and action if a check within the boot strap fails.
for example a get variable does not exist or more likely a session does not exist meaning the user must log in.
so the user had originally requested index/someaction
but i want them to go to login/index
within my boot strap i would place the condition and then change the controller action to view.
if i'm doing this in a way that is not standard can anyone direct me to documentation on the best practice ?
zend novice
From Zend documentation (Dispatcher)
// forward to an action in another controller:
// FooController::bazAction(),
// in the current module:
$this->_forward('baz', 'foo', null, array('baz' => 'bogus'));
I'd sugest you to do with plugins for access check on each page and for login create an authentication controller.
Here you'll find out how to do this http://alex-tech-adventures.com/development/zend-framework/61-zendauth-and-zendform.html
An example:
class Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
// ...
if(!$auth->hasIdentity())
{
$request->setControllerName('authentication')
->setActionName('login');
}
}
}
I don't usually put authentication in the bootstrap, that should have it's own controller.
Create an AuthController() to set up your auth adapter and and set up your instance.
Then in a common view (for secure pages), just check your instance with something like:
$auth = Zend_Auth::getInstance();
if(!$auth->hasIdentity())
{
#re-direct to login page
}