I need to be able to log out other users. I tried the following:
Yii::$app->getSession()->destroySession($sessionId)
I do this for every sessionId connected to this user.
I tried changing the authKey (with enableAutoLogin set to true).
Setting enableAutoLogin to false doesn't help.
The session is deleted in the database but as soon as that user does a new request his session, with the same sessionId as before, appears in the database again.
I tried using this:
Yii::$app->user->switchIdentity(User::findIdentity($id), 0);
Yii::$app->user->logout(true);
The switchIdentity works but creates a new session in the database (that I destroy with the logout method).
As a test I have downloaded both the basic and advanced template and both have the same problem. What am I missing here?
I tried doing the same in pure PHP but somehow Yii manages to get the user session back and the user is still logged in.
I am using Yii 2.0.6
Related
I'm trying to create an API which uses a Session variable. This is what I did:
1. Log in.
return auth('api')->attempt($credentials);
2. Call an API which saves a variable test to the Session.
Session::put('test', $venueId);
3. Log out. In logoutController, call Session::flush() (I tried with Session::forget('test') too).
Session::flush();
// Session::forget('test');
auth()->logout();
4. Log in again.
5. Call Session::all() in a random API. => Variable test is still there.
I've checked in the database: when I use auth()->logout() in the controller, the database creates a new session in the sessions table which has the same payload as the payload in step 2. And when I log in again, it seems to use the 2nd session (which was created after logging out in step 3) to get the value.
How can I handle this? I want all sessions to be flushed after the user logs out.
I found the problem. I've used multi authentication, so I have 2 logout controllers and I put Session::flush() in the wrong controller. I put Session::flush() into the correct controller and it worked.
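The fix described in this answer, arranged so that neither logout path can miss the flush. This is an added example, not code from the thread; the trait, the controller names and the 'admin' guard are assumptions, and it assumes both routes run the session middleware.

```php
<?php
// Added example. Class names and the 'admin' guard are assumptions; in a real
// application each class lives in its own file under app/Http/Controllers.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

trait EndsSession
{
    // Single place where a session is torn down, shared by every logout controller.
    protected function endSession(Request $request, $guard)
    {
        // Log out of the guard this controller is responsible for.
        Auth::guard($guard)->logout();

        // invalidate() flushes every key (including 'test') and migrates to a
        // new session ID, destroying the stored data of the old one.
        $request->session()->invalidate();

        // Rotate the CSRF token so the old one cannot be replayed.
        $request->session()->regenerateToken();

        return response()->json(['logged_out' => true]);
    }
}

class ApiLogoutController extends Controller
{
    use EndsSession;

    public function logout(Request $request)
    {
        return $this->endSession($request, 'api');
    }
}

class AdminLogoutController extends Controller
{
    use EndsSession;

    public function logout(Request $request)
    {
        return $this->endSession($request, 'admin');
    }
}
```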
I am using CakePHP 2.x and facing issues with the CakePHP session.
The flow of the website is that whenever you register successfully, you are automatically logged in and redirected to the home page.
Here I am using data from cake session like:
$this->Session->read('Auth.Front');
But it returns different values on register and on login.
So how do I debug it? Where is it writing the session 'Auth.Front' from?
AuthComponent is surely overwriting the Auth key with the user data. Try using a different key.
This should work:
$this->Session->write('Front',$myData);
$myData=$this->Session->read('Front');
Our Laravel 5.1 application has been using the "native" session driver setting (configured in the .env file). With it set this way, we were able to use the laravel url.intended behavior to redirect the user to the url they were attempting to access prior to being authenticated.
We had to change it to "cookie" because every time we use Amazon's Opsworks system to deploy a new build, users were logged out because their server-side session files were no longer available. Once we changed it to cookie, the users remain logged in even when we deploy a hotfix or new build.
However, with it set to cookie, the url.intended does not work at all. I tried hacking together some solution by adding a custom url intended node, but it just won't work. It seems like when the user attempts to access a url prior to being logged in, it sets the session info, but then the application redirects the user to the login page where it's getting nulled out.
I'm using Debugbar to look at the session vars and I'm going crazy. I'm already bald so I have no more hair to pull out.
Does anyone have any ideas?
We ended up setting up a Dynamo database at first and then transitioned to Redis on a common server. We have a load balancer and don't want sessions getting lost or corrupted by switching servers so all cache is now being stored in that common location.
My users can change their passwords on a form. If the form is valid I encode it, invalidate the session by using
$this->get('security.context')->setToken(null);
$this->getSession()->invalidate();
...flush the user to the database and do a redirect (to the same url).
Beside this I have a mechanism to store some information in the session before forwarding and showing this data in the 'forwarded' template.
Both work well on their own, but not together :-)
I can see that the value is written (after invalidating the session) and I believe that Symfony instantiates a new session.
I just don't know what happens after that. Maybe Symfony is doing 'some magic', because it 'injects' the login page before showing the redirected URL.
I don't really understand what you're trying to do, and why you're invalidating the session, but your User needs to be logged in to see the redirected URL.
Your code logs him out.
You can log a user in by doing so:
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
$authToken = new UsernamePasswordToken($user, null, 'secured_area', array('ROLE_USER'));
$this->get('security.context')->setToken($authToken);
The third parameter is the providerKey, and the fourth is a roles array.
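The whole flow from the question and this answer in one action: rotate the session after the password change, log the user back in, then store the message for the redirected page. This is an added example in Symfony 2.x style, not code from the answer; the controller, the action name and the 'notice' flash key are assumptions.

```php
<?php
// Added example. PasswordController, changedAction and the flash key 'notice'
// are assumptions; 'security.context' is the Symfony 2.x service used above.

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class PasswordController extends Controller
{
    // Called after the new password has been encoded and flushed to the database.
    public function changedAction(Request $request)
    {
        // Read the user before the token is replaced.
        $user = $this->getUser();
        if (null === $user) {
            throw new AccessDeniedException();
        }

        // Drop all old session data and issue a fresh session ID.
        $session = $request->getSession();
        $session->invalidate();

        // Re-authenticate on the new session. The third argument must match
        // the firewall name ('secured_area' is the value used in the answer).
        $token = new UsernamePasswordToken($user, null, 'secured_area', $user->getRoles());
        $this->get('security.context')->setToken($token);

        // Written after invalidate(), so it lands in the new session and is
        // still there when the redirected request renders the template.
        $session->getFlashBag()->add('notice', 'Password changed.');

        return $this->redirect($request->getUri());
    }
}
```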
I'm trying to log in and log out users within the Tomcat/BlazeDS environment. I wrote a custom Java Login Proxy to handle the login, which works. As I tried to log out users, i.e. invalidate sessions, I realized that the Flash application gets a new session ID (new session) for every call of the AMF channel. What happens is that if I try to invalidate a session it's useless, because the next call will be new and valid with the same user credentials again.
How can I log out a user from a Flex application / Tomcat context then? I can't find good examples without custom authentication.
Thanks
Andreas
You would have to pass the session id from Flex to the Java backend and have the backend invalidate the session to log out the user.