CodeIgniter sessions and Cart - codeigniter

Please, I have a question about the CI Cart library and the sessions connected with it. I have set "sess_time_to_update" to 300 secs (default value) and if this time expires I can't see the products which I saved to the Cart. Is it normal? If I look into the database, the other data is stored there, but the cart products are not.
Thank you

Yes it is:
How do Sessions work?
When a page is loaded, the session class will check to see if valid
session data exists in the user's session cookie. If sessions data
does not exist (or if it has expired) a new session will be created
and saved in the cookie. If a session does exist, its information will
be updated and the cookie will be updated. With each update, the
session_id will be regenerated.
Once the session has expired (or destroyed) any data stored on it will be deleted.
Shopping Cart Class
The Cart Class permits items to be added to a session that stays
active while a user is browsing your site.
So you have to save the cart's info in your own table if you want it to persist.
See this nice answer about saving the cart's information into the database (as a string, I mean not the ideal way, but it helps if you want to retrieve "the last cart" even if the user's session ends) (if you want to keep this information like forever, better to save it properly in your own table, not as a string):
Codeigniter Cart - saving data in database - how to approach?
May be helpful for your need.

Related

How to limit users to one session with CakePHP 3?

I have auth working fine. Users can log in and out, no problem. The thing is, if users share a login, they can all be logged in at the same time as the one user. Not good.
I need to have CakePHP know when a user is logged in, which I assume is a process started using:
'Session' => [
'defaults' => 'database'
]
As per the Sessions book page.
It's then I get lost. Unless I have missed it there is no reference to limiting users to one active session each. Has anyone come across this before and, if so, how did you work around it?
To clarify:
All sessions deleted from DB & all cookies deleted in browser = nothing set in either when visiting the /users/login page (incidentally, this has been set up as per the tutorials - nothing fancy).
Login = session set in db with id corresponding to cookie in browser. Exactly what you'd expect.
Logout (which then redirects back to login) = old session removed then replaced by another in DB and cookie. Different id. So something is picking up the expired cookie and refreshing it. Hmm.
The information held in the cookie is just the session id. In the DB it's simply:
Session id | a blob | expiry time
I assume you save users and sessions in a database (by default in cakePHP it is named sessions).
Add an active_session field, update it upon login, check it on requests to ensure that current user session id matches the last one stored in the database.
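On Login action do:
-- bind :session_id and :user_id (the id of the user who just logged in) as query parameters
UPDATE `users` SET `active_session` = :session_id WHERE `id` = :user_id;
When user goes to a page that requires login, you search that value:
SELECT * FROM `users` WHERE `active_session` = :session_id;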
If the user signs in at another place, the previous session key gets overwritten, and the SELECT above returns an empty result set.
It's possible to clean the old session token before the update, so this way the old session will be destroyed on a per-user basis.
Be careful: if you are using AuthComponent, it might rotate sessions itself; you may find more information in the corresponding section of the CakePHP manual.
I'd definitely go AuthComponent-way, and wouldn't re-invent the wheel in CakePHP.
I tie users to their cell phone. Every day they get a new 6 digit code via twilio sms. Makes it hard to share logins, but not impossible. Ultimately, I would like to track how many different machines a user uses per day and establish some fair use limitations. If a user uses three or four machines in a day, that's fine, but when they start using the same user id on twenty or fifty machines a day, that might be a problem.
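The `active_session` check from the answers above, written with bound parameters, as an added example that is not part of the original posts. The helper names `recordLogin` and `isCurrentSession` are hypothetical, the in-memory SQLite table and the random IDs are constructed demo data, and storing a hash of the session ID rather than the ID itself is an extra assumption.

```php
<?php
// One active session per user: the users table remembers the session that
// logged in last, and every authenticated request is checked against it.

function recordLogin(PDO $db, int $userId, string $sessionId): void
{
    // Store only a hash, so a leaked users table does not expose live session IDs.
    $stmt = $db->prepare('UPDATE users SET active_session = :s WHERE id = :id');
    $stmt->execute([':s' => hash('sha256', $sessionId), ':id' => $userId]);
}

function isCurrentSession(PDO $db, int $userId, string $sessionId): bool
{
    $stmt = $db->prepare('SELECT active_session FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $stored = $stmt->fetchColumn();
    // A missing row or a NULL column means no active session at all.
    return is_string($stored) && hash_equals($stored, hash('sha256', $sessionId));
}

// Constructed demo data: in-memory SQLite, one user, two logins.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, active_session TEXT)');
$db->exec('INSERT INTO users (id) VALUES (321)');

$laptop = bin2hex(random_bytes(16)); // stands in for the framework's session ID
$phone  = bin2hex(random_bytes(16));

recordLogin($db, 321, $laptop);
echo 'laptop after its own login: ', var_export(isCurrentSession($db, 321, $laptop), true), PHP_EOL;

recordLogin($db, 321, $phone); // a second login elsewhere replaces the stored value
echo 'laptop after phone login:   ', var_export(isCurrentSession($db, 321, $laptop), true), PHP_EOL;
echo 'phone after phone login:    ', var_export(isCurrentSession($db, 321, $phone), true), PHP_EOL;
```

If the framework regenerates the session ID for a logged-in user, `recordLogin` has to be called again with the new ID, otherwise the legitimate session fails the check.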

Keep same session before and after registration with FOSUserBundle and Symfony2.1

I'm working on a shopping cart and facing an issue with the FOSUserBundle registration flow:
My users can add whatever they want to their cart, whether or not they are logged in/registered, but before checking out, I want them to login/register.
The main important thing is that I want them, after login/registration, to get back the same shopping cart they had before. To achieve it, I'm saving a random key into the user session and I'm saving this random key in the database with all the articles data.
I have no problem with the login flow, the session is kept without any change (Symfony preserves all session data), so the user retrieves his session, but my problem is with registration.
When the user wants to check out and does not have an account yet, he needs to register, and when the registration is complete (with FOSUserBundle, sending an activation link by mail) the user session is completely reset, so the shopping cart is lost but has not really disappeared: actually, a weird thing I observed is that the browser seems to deal with 2 different sessions at the same time but in 2 separate tabs; in the old browser tab (before registration), the data is still here, but in the new tab the session is cleared.
So my question is, is there a way to give back a user his session after a successful registration in Symfony2.1 and while using FosUserBundle?
Thank you in advance
My security config file was the cause
I had to set the option session_fixation_strategy to "migrate", that now works perfectly, thanks
Login/Logout is handled by Symfony2's security component while registration is handled by FOSUserBundle.
You can try to override the registration handler https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/overriding_controllers.md and migrate your old session: http://symfony.com/doc/current/components/http_foundation/sessions.html#session-api

Update current session

I have a CakePHP app where users have pages tied to their accounts. For example, the page ID 123 is tied to user 321.
Whenever the user logs in, all the pages tied to his account are saved in the session.
Admins are the only ones who can tie a page to a user. And here is the problem. If an admin adds a new page to a user and if this user is logged in, he won't see this new page tied to his account unless he logs out/in. In other words, while his current session is valid.
What would be the best way to deal with this? If there is any way...
Find the user session and... update? delete? Is this even possible and/or "elegant"?
Send a message to this user warning about the new page and tell him to logout/login?
Stop saving this info in the session and rely on database only?
You really should stop saving this info in session.

Session End Event

I am working in ASP.NET 3.5 C#. What I am trying to do is, when the Session_End event gets called, I want to update the logged-in User's status in the database to record that the current User has logged out by any means (logged out manually, session time out etc.; it calls the Session_End event). The problem is I am not able to maintain the UserID. I can't access the Session variable as the session has already expired; cookies also didn't work for me.
Please suggest a solution.
Thanks a lot
Regards
Vivek
Try pushing the UserID to ViewState, if you have a BasePage from which all your pages inherit or if you use MasterPage then it should be quite easy to push the UserID to viewstate on each page. Cookies should be alive beyond session life. Are you setting Expiry time to your cookie?
You should be able to access session variables in the Session_End event. All data stored in a session is deleted after the Session_End event has finished. But you should be careful, because sessions are created for all visitors. If you store UserID in a session then it can be null inside Session_End if someone viewed the login page, but did not log in. It is not recommended to set the session timeout to days, because these sessions may fill all server memory.

codeigniter - Could not maintain shopping cart session as CI database session management code regenerates session id

I am displaying a products section where there is an add to cart button.
The user may or may not be logged in.
Instead of maintaining the cart items in the session I maintain them in the database with the current session id as reference.
After a few navigations or the default session timeout the session id is regenerated.
So the current session id does not match the items added by the user in the database.
So the total items and amount which I display at the top of the page become zero.
I had maintained the cart items in the session in previous projects so I haven't had any problems.
I am using the CodeIgniter framework.
What should I do to sync the regenerated session id of CodeIgniter and the session id of the cart items? I am using Native Session in CodeIgniter rather than the default session management which comes with CodeIgniter. The reason is the session does not work in IE6 because I hope IE6 is not understanding CI's headers or something like that.
I want to maintain the cart items in the database only. What shall I do?
Or you can use the Native Session of CI
You could use standard PHP sessions - track your own session ID and store that in the DB. Skip the regenerated CI-SessionID entirely.
http://www.php.net/manual/en/session.examples.basic.php
Of course, the downside to this is the sessions aren't stored as cookies in this manner so when a user's session expires - they lose their basket. But you can work around this yourself with either a manual cookie store, or force the user to register/login to save basket data.
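One way to keep a database-backed cart across session ID regeneration and session expiry, which covers both this thread and the first CodeIgniter Cart question on this page (added example, not code from the original posts or from CodeIgniter). The cart is keyed by its own random token kept in a separate cookie; the `cart_items` table, the `cart_token` cookie name and all function names are hypothetical, and `$cookies` is a constructed stand-in for `$_COOKIE`.

```php
<?php
// Cart rows are keyed by a dedicated random cart token, never by the
// framework session ID, so a regenerated session ID cannot orphan them.

function cartToken(array &$cookies): string
{
    $t = $cookies['cart_token'] ?? null;
    // Reuse only a well-formed token; anything else is replaced by a fresh one.
    if (is_string($t) && preg_match('/\A[0-9a-f]{64}\z/', $t)) {
        return $t;
    }
    return $cookies['cart_token'] = bin2hex(random_bytes(32));
}

function addItem(PDO $db, string $token, int $productId, int $qty): void
{
    // The table holds a hash of the token, so a database leak does not hand out usable carts.
    $stmt = $db->prepare('INSERT INTO cart_items (token_hash, product_id, qty) VALUES (:t, :p, :q)');
    $stmt->execute([':t' => hash('sha256', $token), ':p' => $productId, ':q' => $qty]);
}

function cartCount(PDO $db, string $token): int
{
    $stmt = $db->prepare('SELECT COALESCE(SUM(qty), 0) FROM cart_items WHERE token_hash = :t');
    $stmt->execute([':t' => hash('sha256', $token)]);
    return (int) $stmt->fetchColumn();
}

// Constructed demo: two requests from one browser, with a session ID change in between.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart_items (token_hash TEXT NOT NULL, product_id INTEGER NOT NULL, qty INTEGER NOT NULL)');

$cookies   = [];                        // stand-in for $_COOKIE
$sessionId = bin2hex(random_bytes(16)); // framework session ID, never used as the cart key
addItem($db, cartToken($cookies), 42, 2);

$sessionId = bin2hex(random_bytes(16)); // session ID regenerated or session expired
addItem($db, cartToken($cookies), 7, 1);

echo 'items in cart after regeneration: ', cartCount($db, cartToken($cookies)), PHP_EOL;
```

In a real request the token would be sent with `setcookie()` using the `httponly`, `secure` and `samesite` options, with an expiry longer than the session lifetime.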
