I'm trying to make the Auth module to 'remember' the user session with a checkbox on the login page. What happens is that no cookie is created, only session as usually. I've noticed the user_tokens table, but don't see any use of user_token model's methods at all. I do pass (bool) TRUE as a third parameter to login() method, but there's no difference.
Is this feature complete at all or I have to add my own by overwritting the login() method of Model_Auth_User ?
What's the best practice for this ?
I also opened a topic on Kohana Forums
Answer from the Kohana forum (credit to biakavero) pasted here for reference:
Call Auth::instance()->login() with $remember = TRUE
DB Token for current user created. Cookie authautologin generated.
Destroy user object : Session::instance()->delete('auth_user'); // dont call logout() method as it will delete cookie & token
Call Auth::instance()->auto_login() and check for Auth::instance()->get_user() // should return Model_User object
Related
I'm working on a client project that wasn't conceived with services and authorizations, so the user gets logged in and creates a user session.
I have to control the access in a basic "UserboardController".
I have a constructor before any methods :
class UserboardController extends Controller
{
public function __construct() {
$session = new Session();
$uSession = $session->get('user');
if (!isset($uSession)){
return $this->redirectToRoute('logout');
}
}
I tried many ways to redirect and always get this error :
Call to a member function get() on null
Symfony will show me two other traces inside redirectToRoute from ControllerTrait.php :
return $this->redirect($this->generateUrl($route, $parameters), $status);
and
return $this->container->get('router')->generate($route, $parameters, $referenceType);
Any idea how I could simply redirect the user to the logout route ?
This is an important step as the logout method will do other actions based on cookies before logging out and redirecting to the login form.
Logout route is defined and works if the user accesses it from the URL.
Thank you
First of all, if you want to access session you should pass it as argument and get benefit of autowiring. Secondly, this shouldn't be done in a controller's constructor.
Thirdly this looks like the case for the security module of symfony. Symfony when properly configure will return use by default to /logout route of any route that is defined as logout route
So what you need to do is define in security.yaml your firewalls and define in access_control the path that should be under the firewall
Check this for more clues https://symfony.com/doc/current/security/form_login_setup.html
I am developing a project using laravel 5.2. I use default authentication in this project by running this command.
php artisan make:auth
Everything is working great. Now I want to put some data in session after authenticate the user. I can not find the place where I put my code to store data in session after authenticate the user. I googled but not found any solution.
Finally I got answer from another question. Here i post the solution for who are looking this type of solution
https://stackoverflow.com/a/36491235/2738927
You can check whether the user is logged in or not using the following code.
if (Auth::check()) {
// The user is logged in...
}
Then you can use the session helper class to set the required value in session.
session()->set('session_key', 'session_value');
Additionally, you can remove the session using the forget method.
session()->forget('session_key');
Resources to read.
https://laravel.com/docs/5.3/authentication
https://laravel.com/docs/5.3/session
https://laravel.com/docs/5.3/helpers#method-session
In 5.2 you need to override login() method from Illuminate\Foundation\Auth\AuthenticatesUsers trait in AuthController.php.
To set data use session() helper in login() method:
session(['key' => 'value']);
I have implemented a remember me login in my laravel 5.3 project, but iam running with some issues, when the user return to the page its automaticaly logged in but the custom sessions variables are not set because the session already expired.
I have my sessions lifetime to 120 and expire on close is true.
My question is: how do I check if the user is being authed via remember me token to reasign session variables? I was thinking to create a Middleware for that but i don't know if thats the correct approach.
My customs sessions variables are:
session()->get('client_id') -> int
session()->get('acl') -> array
Can anyone guide me to the right direction?
Check the following solution and see if it works.
Determine if the User Was Authenticated Via the Remember Cookie
Edited:
Add a event Listener to EventServiceProvider
protected $listen = [
'Illuminate\Auth\Events\Login' => [
'App\Listeners\UpdateLoginType#handle',
],
];
Generate event and handler for the listener
php artisan event:generate
Go To UpdateLoginType and edit handle method to check login type
public function handle(Login $event)
{
if (\Auth::viaRemember()) {
//do something
} else {
//do something else
}
}
Make sure your pass the remember variable properly while logging in.
Question similar to this one
In everything CakePHP app I have worked with recently, the login function is empty so how on earth does the login functionality work?? I presume somehow Cake is defaulting, not sure how it knows to even default it, but where is/are these defaults?
i.e function login() {}
look at the auth component https://github.com/cakephp/cakephp/blob/master/cake/libs/controller/components/auth.php#L680
The whole magic happens in the startup() callback of the AuthComponent. That method is triggered before the controller action is executed. It checks if there is POST data in the defined format (data[UserModel][usernameField], etc.), validates it against the User model and redirects you to loginRedirect, if it was successful.
CakePHP knows on which controller/action pair to act through the $loginAction property you can set to the AuthComponent.
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
i hope this tutorial will be useful for user login management
how to acess user session in sfDoctrineRoute with symfony ?
var_dump(sfContext::getInstance()->getUser());
returns NULL
i cant access current user session in routing
Accessing user session from a custom routing class = bad response
You should use the sfDoctrineRoute::setQuery() method from your controller, and generate a query using its sfUser reference and, for example, the user credentials it contains:
protected function executeIndex(sfWebRequest $request)
{
$query = Doctrine::getTable('Foo')
->createQuery('f')
->whereIn('f.access_level', $this->getUser()->getCredentials())
;
$this->getRoute()->setListQuery($query);
$this->foo_list = $this->getRoute()->getObjects();
}
Hope it helps.
PS: you should ALWAYS avoid calling sfContext::getInstance().