Codeigniter 3 session doesn't get loaded right - sometimes? - codeigniter

So I work on quite a large application, and we have been getting reports that our login doesn't work as expected. I've been looking around for some time now, and every question that is similar to mine has been left unanswered.
This is my session config.
$some_other_config["sess_cookie_name"]= "the_one_i_want_session";
$some_other_config["sess_expiration"]= 2678400;
$some_other_config["sess_encrypt_cookie"]= false;
$some_other_config["sess_use_database"]= true;
$some_other_config["sess_table_name"]= "db_session";
$some_other_config["sess_match_ip"]= false;
$some_other_config["sess_match_useragent"]= false;
$some_other_config["sess_time_to_update"]= 7200;
Also, we have one more session
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'really_unimportant_session';
$config['sess_expiration'] = 2678400;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'a_non_exisiting_legacy_table';
$config['sess_save_path'] = '/path/to/the/sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['sess_match_ip'] = FALSE;
Now here is the funny part: "the_one_i_want_session" is the one keeping track of the user being logged in or not, right?
Well, if I connect to a VPN (I think it might be the IP change) and connect to whatever country, I won't be able to log in. We can log in in two ways: with an ajax post-request, or a regular form post.
They are basically the same. When you log in through ajax, the login gives the correct login successful state, we write the session, it gets stored in the database, and we give the user a successful message and a choice of where to go next. When we do another request, the session is not updated.
With the regular form-post, the exact same happens but we do a redirect with the codeigniter framework. Again the session hits the db, but after the redirect the session is not connected to the browser.
Kicker: if I disable my VPN, everything works like a charm. I used Private Internet Access for this test.
I don't really know where to go next. The only thing I have seen is that in CI3 the session is supposed to work together with the $_SESSION superglobal, but my $_SESSION is always NULL. Could there be a problem with two sessions defined?
Edit:
One more thing I forgot to mention: this only happens in production. We basically have a mirror of the site, with almost the same config (session configs are the same), and login works on the mirrored site.
Edit2:
It seems that even the setcookie function does what it is supposed to do, and returns true. I'm confused.

Related

Is it ok to use $_SESSION['variables'] in Drupal 8?

I need a way to store temporary data for anonymous users.
Apparently this is not possible with:
\Drupal::service('user.private_tempstore')
Unless you write a custom constructor for the session management and stuff, which seems a little far-fetched to me?
I tried using
\Drupal::service('user.shared_tempstore')
But that saves the temp data for all anonymous users. So it's not linked to a single user.
Using raw $_SESSION['data'] works fine, but I'm not sure if I'm supposed to be doing this in Drupal and how safe/unsafe it is to do this?
Sessions (Drupal 8) are used via the simple Session implementation of SessionInterface interface. See Complete Tutorial of Sessions (Drupal 8).
Example:
use Symfony\Component\HttpFoundation\Session\Session;
$session = new Session();
$session->start();
// set and get session attributes
$session->set('name', 'Yash');
$session->get('name');
// set flash messages
$session->getFlashBag()->add('notice', 'Profile updated');
// retrieve messages
foreach ($session->getFlashBag()->get('notice', array()) as $message) {
    // escape the message before writing it into HTML
    echo '<div class="flash-notice">'.htmlspecialchars($message, ENT_QUOTES, 'UTF-8').'</div>';
}
I am not answering your specific question (regarding $_SESSION) because I have successfully used:
$session = \Drupal::service('user.private_tempstore')->get('your_module');
$session->set('whatever', $whatever);
from within procedural code (i.e. hooks, themes) without problems.
Pay attention that this private tempstore has to be assigned to a module (for the lack of a better way of saying this) which is the purpose of this line
$session = \Drupal::service('user.private_tempstore')->get('your_module');
After you get the private tempstore you can now set and get the session values:
$session->get('whatever');
$session->set('whatever', $whatever);
EDIT
Sorry, you explained correctly. I didn't get the critical part 100% ;)
You can always access the Session object from the request.
$session = \Drupal::request()->getSession();
$session->set('whatever', 'hello');
$value = $session->get('whatever', 'default');
I've been using plain PHP $_SESSION variables for a while now.
Did some research on them and they should be perfectly safe to use.
They're working correctly everywhere I use them and they have been working correctly for a while.
Don't think there's any issue using them in Drupal 8.

Codeigniter 3 session with redis - AUTH password

I'm a beginner with redis, and I'm quite confused by the codeigniter 3 documentation.
I just installed a redis server and used the CI session library with redis in my app. It works quite well ... but nothing is mentioned concerning password auth.
Here is my config.php:
$config['sess_driver'] = 'redis';
$config['sess_save_path'] = 'tcp://localhost:6379';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
How am I supposed to ask for authentication? I suppose that everybody could access my session table the way it is now.
The session library documentation has a bunch of links at its top, the so called "table of contents".
One of these links, aptly named "Redis Driver", points to ... the "Redis Driver" section of the document, which contains barely a few short paragraphs, exactly so you don't get lost in between lots of text.
Only one of those paragraphs mentions the word "config", and it says the following:
Just as with the ‘files’ and ‘database’ drivers, you must also configure the storage location for your sessions via the $config['sess_save_path'] setting. The format here is a bit different and complicated at the same time. It is best explained by the phpredis extension’s README file, so we’ll simply link you to it:
https://github.com/phpredis/phpredis#php-session-handler
Sure, the document doesn't contain the word "authentication", but this is hardly confusing ... you only have to click a link.
For clarity and to provide a specific example:
"tcp://host:port?auth=password"
This is working for me, CI3 > config.php:
$config['sess_driver'] = 'redis';
$config['sess_save_path'] = 'tcp://host*:port*?auth=password*';
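An added example, not code from the answers above or from CodeIgniter or phpredis: one way to build the `tcp://host:port?auth=password` value without hard-coding the password in config.php, refusing to produce a path when the secret is missing. The environment variable name REDIS_SESSION_AUTH and the helper name are hypothetical; rejecting `&`, `#` and whitespace is a conservative assumption about URL-style delimiters, not a documented driver rule.

```php
<?php
// Added example, not CodeIgniter or phpredis code. The REDIS_SESSION_AUTH
// environment variable name and this helper are hypothetical.

/**
 * Build the "tcp://host:port?auth=password" value for $config['sess_save_path'].
 * Throws instead of returning a path without auth, so a missing secret stops
 * the application rather than leaving it to connect unauthenticated.
 */
function redis_session_save_path($host, $port, $password)
{
    if (!is_string($host) || !preg_match('/^[A-Za-z0-9.-]+$/', $host)) {
        throw new InvalidArgumentException('Unexpected Redis host value');
    }
    $port = (int) $port;
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('Redis port out of range');
    }
    if (!is_string($password) || $password === '') {
        throw new InvalidArgumentException('Redis session password is not set');
    }
    // The password sits in a URL-style string, where "&", "#" and whitespace
    // act as delimiters. Reject them rather than rely on how the value is split.
    if (preg_match('/[\s&#]/', $password)) {
        throw new InvalidArgumentException('Password has a character the save path cannot carry');
    }
    return sprintf('tcp://%s:%d?auth=%s', $host, $port, $password);
}

// In application/config/config.php the password would come from the environment:
//   redis_session_save_path('localhost', 6379, getenv('REDIS_SESSION_AUTH'))
// A constructed value is used here so the block runs stand-alone.
$config['sess_driver'] = 'redis';
$config['sess_save_path'] = redis_session_save_path('localhost', 6379, 'constructed-Example-secret-1');
echo $config['sess_save_path'], "\n";

// getenv() returns false when the variable is unset: that case fails closed.
try {
    redis_session_save_path('localhost', 6379, false);
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```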

Newbie on express.js session: who initializes the session

Saw this example:
var sess;
app.get('/', function(req, res) {
    sess = req.session;
    // Session set when user requests our app via URL
    if (sess.email) {
        /*
         * This line checks session existence.
         * If it exists, do some action.
         */
        res.redirect('/admin');
    } else {
        res.render('index.html');
    }
});
app.post('/login', function(req, res) {
    sess = req.session;
    // Here we assign email to the sess.email variable.
    // email comes from the HTML page.
    sess.email = req.body.email;
    res.end('done');
});
My tiny understanding is: when a user logs in, the server generates a session id for him/her, assuming this is the login for the 1st time.
But in the above login code,
1. sess = req.session sounds like the client creates a session object at first?
or is the client creating a session storage space?
2. Who sets session.id or sessionID?
3. Any better example?
The original sample is here
https://codeforgeek.com/2014/09/manage-session-using-node-js-express-4/
I am also learning node just like you. If you continue your journey, you will encounter many similar curiosities because of the way node works behind the modules.
I also had so many question marks but I couldn't afford to search for the right answer every time. What I suggest is to get node-inspector, a node debugger tool, and actually follow through.
That way you will actually understand what each module is doing.
Instruction: https://www.youtube.com/watch?v=03qGA-GJXjI
A big tip that this instruction doesn't tell is the fact that the node breakpoint is a bit weird.
I would definitely use the "debugger;" statement, which puts a breakpoint in the code, rather than the breakpoints provided by the tool.

CodeIgniter to run from a subdirectory of another codeigniter installation

I am trying to find a way to run codeigniter from a sub-directory of another codeigniter installation. The CI from the sub-directory would be for testing and the main one is the live site. Could anyone advise on this or any other better approach?
I believe you can just place this in the root folder and set the base url in the config :
$config['base_url'] = 'http://www.example.com/testsite/';
then it works.
There can be issues with the first application serving the 404 pages when a route is not matched, however.
I am posting the answer here, because it is too long to use as a comment...
I did it through another approach: setting a different $active_group in the config/database.php file.
So, first I check for a parameter in $_GET. If that is set we use one group, otherwise the default group (the other group is used for testing: a separate database with the exact same structure, but without touching the main db).
if (!isset($_SESSION)) { session_start(); }
if (isset($_GET["debugmode"])) {
    $active_group = 'demodb';
    $active_record = TRUE;
    $_SESSION['debugmode'] = true;
} elseif (isset($_SESSION["debugmode"])) {
    $active_group = 'demodb';
    $active_record = TRUE;
} elseif (!isset($_GET["debugmode"]) && !isset($_SESSION["debugmode"])) {
    $active_group = 'default';
    $active_record = TRUE;
}
To make sure this will work on all the controllers/views, because we won't have that $_GET parameter all over the application, we can set that session value once we have that $_GET parameter present. Also, we have to make sure we destroy that session when we log out or after an amount of time.
Reason for using a session value: by default CI is using that table to store the sessions; without our session value, it will somehow force the use of the default DB, or at least I couldn't find a way to trick this step.
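An added example, not the answer's code: because the switch above is triggered by a query parameter that any visitor can send, this version keeps the same group selection but only unlocks the demo group when the request also carries a server-side secret. The DEBUG_DB_TOKEN environment variable, the `debugtoken` parameter and the function name are hypothetical; `demodb` and `default` are the answer's group names.

```php
<?php
// Added example, not the answer's code. DEBUG_DB_TOKEN and the "debugtoken"
// parameter are hypothetical names; 'demodb' and 'default' are the answer's groups.

/**
 * Decide which database group a request may use.
 * The demo group is unlocked only when the request presents the shared secret;
 * afterwards the session flag keeps it selected, as in the answer.
 */
function select_db_group(array $get, array &$session, $expectedToken)
{
    if (!empty($session['debugmode'])) {
        return 'demodb';                      // unlocked earlier in this session
    }
    if (!isset($get['debugmode'])) {
        return 'default';
    }
    // Fail closed when no (or a short) secret is configured on the server.
    if (!is_string($expectedToken) || strlen($expectedToken) < 32) {
        return 'default';
    }
    $supplied = (isset($get['debugtoken']) && is_string($get['debugtoken']))
        ? $get['debugtoken'] : '';
    // hash_equals() (PHP 5.6+) compares in constant time.
    if (!hash_equals($expectedToken, $supplied)) {
        return 'default';
    }
    $session['debugmode'] = true;
    return 'demodb';
}

// Constructed inputs for a stand-alone run. In config/database.php the call is:
//   $active_group = select_db_group($_GET, $_SESSION, getenv('DEBUG_DB_TOKEN'));
$token = str_repeat('a', 32);                 // constructed secret, not a real one
$cases = array(
    'no parameter'      => array(),
    'flag only'         => array('debugmode' => '1'),
    'flag, wrong token' => array('debugmode' => '1', 'debugtoken' => 'guess'),
    'flag, right token' => array('debugmode' => '1', 'debugtoken' => $token),
);
foreach ($cases as $label => $get) {
    $session = array();
    printf("%-18s => %s\n", $label, select_db_group($get, $session, $token));
}
```

A token sent in the URL ends up in access logs and browser history, so it should be rotated regularly. Calling `session_regenerate_id(true)` at the moment the flag is first set keeps a pre-existing session id from carrying the unlocked state.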

vanilla / codeigniter login integration with jsconnect / SSO

Does anyone have any experience using this plugin? I've acquired the client library for PHP, and set up the appropriate functions in my controller. I get a valid response when I click "test" from the plugin settings page in vanilla, but now I'm stuck... where do I go from here?
To be more clear about the issue, I don't know what my next step is. What I mean is, I know I must be missing something... here's the controller function (or page) I'm using as the endpoint for the plugin:
// 1. Get your client ID and secret here.
$clientID = "1234";
$secret = "1234";
// 2. Grab the current user from your session management system or database here.
// So I check to see if the user is logged in to my codeigniter's auth
// (all works fine)
// 3. Fill in the user information in a way that Vanilla can understand.
$user = array();
if ($signedIn) {
    // I then set these according to the user info of the logged in user
    $user['uniqueid'] = '123';
    $user['name'] = 'John PHP';
    $user['email'] = 'john.php@anonymous.com';
    $user['photourl'] = '';
}
// 4. Generate the jsConnect string.
$secure = true;
WriteJsConnect($user, $_GET, $clientID, $secret, $secure);
http://vanillaforums.org/docs/jsconnect is the docs site, which makes no mention of what to do past my current point.
I had to figure this out for myself as well, and did so finally last night. I have written up the files and put them into a github repo so that other people with CodeIgniter can enjoy the JsConnect features with their sites more easily. I really like it now that it is working!
You can download the code and just follow the readme here:
https://github.com/mandersondesign/JSConnect-Codeigniter
If there are any issues that you have, let me know and I will help you out!
