I'm trying to create an api which use a Session variable. This what I did:
Login
return auth('api')->attempt($credentials);
Call an api which save a variable test to Session
Session::put('test', $venueId);
Log out. In logoutController, call Session::flush() (I tried with Session::forget('test') too).
Session::flush();
// Session::forget('test');
auth()->logout();
Login again.
Call Session:all() in a randomly api. => Variable test still there.
I've checked in database, when I use auth()->logout() in controller, database create a new session in sessions table which has payload same with payload in step 2. And when I login again, it seems to use 2nd session (which created after logged out in step 3) to get value.
How can I handler this? I want all session to be flushed after user logout
I found out problem. I've used multi authentication, so I have 2 logout controller and I put Session::flush() to wrong controller. Put Session::flush() into correct controller and it worked.
Related
I'm trying to make a user logged in at back-end who is already a user of another website of mine. For now I'm able to fetch the user's data from previous website's database using an API and make user registration during the login process. Same time I want this user to be logged in when data is just inserted because now user is existing. I tried to reuse same method $this->processLogin(); but this method takes request function processLogin(Request $request) I can't feel passing email & pass to utilize this same method. I have tried guzzle self request with 3 parms 'email, password, _token' using POST request which didn't work. I don't want to exclude this route as well because it is being used for normal login. How can i make this user logged in right after inserting the required data? Please advise. Thanks in advance.
// if $id is your user that you want to login, then:
auth()->loginUsingId($id);
I am using Laravel 5.7. For security reasons, I set my laravel application to automatically logout after one hour inactivity. But I want the user log back in the same page before they got kicked out by the system. I try to use Session, but it only store previous url which is the login page url. How can I retrieve that URL before user got automatically logout?
All you need to do is put this in your logout function.
session(['returnUrl' => url()->previous()]);
And then on login function, redirect user to session('returnUrl') and delete session data with session()->forget('returnUrl')
Use this in your login controller
url()->previous()
I need to be able to logout other users. I tried the following:
Yii::$app->getSession()->destroySession($sessionId)
I do this for every sessionId connected to this user.
I tried changing the authKey (with enableAutoLogin set to true).
Setting enableAutoLogin to false doesn't help.
The session is deleted in the database but as soon as that user does a new request his session, with the same sessionId as before, appears in the database again.
I tried using this:
Yii::$app->user->switchIdentity(User::findIdentity($id), 0);
Yii::$app->user->logout(true);
The switchIdentity works but creates a new session in the database (that i destroy with the logout method).
As a test I have downloaded both the basic and advanced template and both have the same problem. What am I missing here ?
I tried doing the same in pure PHP but somehow Yii manages to get the user session back and the user is still logged in.
I am using Yii 2.0.6
My Users can change their passwords on a form. If this the form is valid I encode it, invalidate the session by using
$this->get('security.context')->setToken(null);
$this->getSession()->invalidate();
...flush the user to the database and do a redirect (to the same url).
Beside this I have a mechanism to store some information in the session before forwarding and showing this data in the 'forwarded' template.
Both work well on their own, but not together :-)
I can see, that the value is written (after invalidating the session) and I believe, that symfony instantiates a new session.
I just don't know, what happens after that. Maybe symfony is doing 'some magic', because it 'injects' the login-page before show the redirected url.
I don't really understand what you're trying to do, and why you're invalidating the session, but your User need to be logged in to see the redirected URL.
Your code logs him out.
You can log a user by doing so :
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
$authToken = new UsernamePasswordToken($user, null, 'secured_area', array('ROLE_USER'));
$this->get('security.context')->setToken($authToken);
The third parameter is the providerKey, and the fourth is a roles array.
I am trying to programmatically logout the current user from inside a listener.
I read here that
$this->get('security.context')->setToken(null);
$this->get('request')->getSession()->invalidate();
does the trick but then I can't call $this->container->get('security.context')->getToken()->getUser(); anymore as the token is now NULL.
How can I log out the user but still let the application run normally?
I have calls to getUser() in my controller functions so I should set back the token to something corresponding to an non authenticated user. How can I do this?
Also, if there is a way to programmatically start a new session and set a flash message to inform the user he has been logged out, it would be awesome.
Try
$anonToken = new AnonymousToken('theTokensKey', 'anon.', array());
$this->get('security.context')->setToken($anonToken);
first parameter is the token's key (i.e. '50cdf89882454')