I have strange problem with sessions. In my small admin panel for my site there were some pages, 6 in fact. All worked nice. But in time I added one more page and when I go to that one firstly I see the content and after refreshing page or going to another one I'm thrown out from the account. Cookies are not deleted. It seems that session is destroyed but there is no any work with sessions. That is just infomartion page where some data from db is displayed.
This is code from index.php where session starts:
ini_set('session.gc_maxlifetime', 3600);
ini_set('session.cookie_lifetime', 3600);
session_start();
...
And this code from problem page 'orders.php':
$res = $administrator->getOrders();
while($order = mysql_fetch_array($res, MYSQL_ASSOC)) {
filtrate and print data from db in a table
}
Do you have any assumptions? I have not, was searching for an error for 2 days ;(
Check authorization function:
public function checkLogin() {
if(isset($_SESSION['hash']) && isset($_SESSION['id'])) {
$id = intval($_SESSION['id']);
$where = "`id`='$id'";
$cookie = DBWorking::getFieldWhere('cookie', 'users', $where);
$hash = mysql_fetch_assoc($cookie);
if($_SESSION['hash'] === $hash['cookie']) {
return true;
}
}
return false;
}
Related
I have annoying problem that I can't fix for hours. Have been trying all google suggestions, so far nothing.
Function for setting/getting cookie right now:
/* Check if user is logged in or else take cookie */
if(Auth::check()){
$user_id = Auth::user()->id;
}else{
if(Cookie::get('user_id') !== null){
$user_id_cookie = Cookie::get('user_id');
}else{
$user_id = Cookie::forever('user_id', Str::random(15));
$user_id_cookie = $user_id;
}
}
/* Check if user is logged in or else take cookie */
Cookie is set, but it doesn't get value back to blade.
For getting cookie value I have tried multiple solutions, for example 2:
$old = Crypt::decryptString(request()->cookie('user_id'))
$cookie_value = explode("|",$old)[1];
Or (As I have another cookie made in same way, and it's working. But I have no idea, why..)
$old= Crypt::decrypt(Cookie::get('user_id'), false);
$cookie_value = substr($old, 41);
But all these solutions shows this error:
Illuminate\Contracts\Encryption\DecryptException
The payload is invalid.
I am working on a project which requires some manager level access to perform tasks, so when I receive a call I forcefully logging in the request as a superuser so that it will have all permissions to complete that task. For login I am using this code:
function forceLogin($superuserId)
{
$user = JFactory::getUser($superuserId);
//Will authorize you as this user.
JPluginHelper::importPlugin('user');
$options = array();
$options['action'] = 'core.login.site';
$response = new stdClass();
$response->username = $user->username;
$response->language = '';
$response->email = $user->email;
$response->password_clear = '';
$response->fullname = '';
$result = $app->triggerEvent('onUserLogin', array((array)$response, $options));
return true;
}
By this my current login user will be superuser. Now the concern is when any extension is searching for permissions, it is still getting that current session doesn't have them and so it returns false.
One of the solutions I came around is to redirect internally after login and then proceed to other tasks, in that way the system recognizes session to be availed with all permissions. For example -
I received something in getNotification()
function getNotification()
{
//from here I log in the user
$this->forceLogin($speruserId);
//and now redirect
$app = JFactory::getApplication();
$app->redirect('index.php?option=com_mycomponent&task=setNotification');
}
Now I proceed further request from setNotification()
function getNotification()
{
// do my work here
}
To be specific, the issue is arising in VirtueMart (e-commerce extension) in which I am creating a product from my call and while creating a product it checks vmAccess::manager('product.create') which is actually same as core.create of Joomla.
I think by redirecting session is being reset with current user and so it gets all permission. Can it be done without redirection? If yes, how?
I tried to access the previous URL on Laravel 5.3 Homestead by several methods but all times i got the right previous page at first request then i got the same page after i refresh the page.
I am using Middleware to check the language before accessing the page
URL::previous();
// or
back()->getTargetUrl();
Language middleware
public function handle($request, Closure $next, $guard = null) {
$locale = $request->locale;
$segments = $request->segments();
$lang_sess = $request->session()->get('language');
if (!array_key_exists($locale, Config::get('app.locales'))) :
if (count($segments) > 1):
$segments[0] = ($lang_sess == "") ? Config::get('app.fallback_locale') : $lang_sess;
$re_to = implode('/', $segments);
else:
$locale = $request->session()->get('language', 'en');
$re_to = "/$locale/" . implode('/', $segments);
endif;
return Redirect::to($re_to);
endif;
$request->session()->put('language', $locale);
App::setLocale($locale);
return $next($request);
}
[SOLVED]
as i still developing my web app, i didn't go the page through a 'href' link, i was entering it through copy and paste the URL into browser, and this causes the URL::previous to be changed after reload the page..
Case closed, thanks for all who replied and gave attention.
the 'previous URL' is stored in a session.Every time your URL changes, the session()->get('_previous')['url'] will change to previous url.
Doing the logic this way:
if (url()->current() == url()->previous()) {
url()->setPreviousUrl('xxx') // or other logic here
}
If you go to page A from B . Your previous page will be B . But if you refresh page then you are going from A to page A.
I suggest to use cookie in this case by checking previous page , if different change cookie otherwise keep it as it is.
$last_page = URL::previous();
if(Cookie::get("previous_page") == $last_page){
Cookie::make('previous_page',$last_page, 60);
}
Now you can use this cookie value Cookie::get ("previous_page") in your middleware
Not tested but this would guide you.
set_flashdata is not working directly after redirect with only one redirect.
I am using one controller in this process - Profilers' Controller. It handles the member confirmation process and also displays the login page on the redirect. The process is as follows:
this session set_flashdata ('topic', 'newmember')
redirect ('login')
route ['login'] = 'profilers/signIn'
topic = $this session flashdata ('topic')
I have turned off all database session configuration for cleaner debugging and even though session library is turned on in configs, I have started calling it anyways which doesn't seem to work either.
Here is my code. As you can see, I am sending path info to a log file path.log:
in controller Profilers, function confirmMember:
public function confirmMember()
{
//use_ssl();
$this->form_validation->set_rules('handle', 'Unique Member Name', 'trim|xss_clean|required|min_length[5]|max_length[30]');
$this->form_validation->set_rules('confirmation', 'Confirmation Code', 'trim|xss_clean|required|min_length[20]|max_length[20]|alpha_numeric');
if ($this->form_validation->run() === FALSE) {echo "here";exit;
$data['handle']=$this->input->post('handle');
$data['confirmation']=$this->input->post('confirmation');
$this->load->view('signing/defaults/header',$data);
$this->load->view('defaults/heading',$data);
$this->load->view('defaults/banner');
$this->load->view('defaults/banner_right');
$this->load->view('member/temp/index',$data);
$this->load->view('defaults/footer',$data);
} else {
$post = $this->input->post(NULL,TRUE);
$data['member'] = $this->Signing_model->model_confirmMember($post);
if ($data['member']['confirmed']!==FALSE) {
/* PATH CHECK */
error_log("member confirmation not false\n",3, LOG_DIR.'path.log');
unset($post);
$this->session->sess_destroy();
$this->session->set_flashdata('topic', 'newmember');
// $this->session->keep_flashdata('topic');
redirect('login','refresh');
} else {
/* PATH CHECK */
error_log("member confirmation IS FALSE\n",3, LOG_DIR.'path.log');
$this->load->view('member/temp/index',$data);
}
My log file shows that the path is using the correct path and showing "member confirmation not false".
I have tried with keep_flash data on (which I assumed wouldn't work since there are no other redirects) and off.
I have also tried redirect without 'refresh'.
In config/routes.php:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
$route['join'] = 'profilers/joinUp';
$route['login'] = 'profilers/signIn';
...
Login page uses Profilers Controller, signIn function as show above:
public function signIn()
{
$topic = $this->session->flashdata('topic');
if (isset($topic)) {
$message = "topic is set. topic = ".$topic."\n";
if ($topic!==FALSE) {
error_log("flash var topic is not false\n", 3, LOG_DIR.'path.log');
} else {
error_log("flash var topic is FALSE\n", 3, LOG_DIR.'path.log');
}
} else {
$message = "topic is NOT set\n";
}
error_log($message,3,LOG_DIR.'path.log');
exit;
...
...
}
log file is showing that topic is set but is false.
"flash var topic is FALSE"
"topic is set. topic = "
Of course topic var not set since it is FALSE.
As you can see, I have moved the get flash data function to the beginning of my controller function to bypass anything that may be corrupting data.
You may need to start the session again after you have destroyed it.
Try adding this after your call to sess_destory():
$this->session->sess_create()
Alternatively you could avoid destroying the session, and unset() the values you wish to get rid of.
I am using the default Codeigniter page cache e.g.:
$this->output->cache(n);
My problem is that I am using this within two different controllers and getting a duplicate cached page i.e. the same page being returned for both. I believe this is due to using a subdomain e.g:
mobile.mysite.com => Controller 1
mysite.com => Controller 2
When I enable the cache on both, i get the same page returned.
How can I generate a different cache for each?
Regards, Ben.
By default the output cache is controller based. So as you see if a controller is named the same then it will generate or use the same cache (if you cache directory is the same in both places).
Your best workaround is using the cache driver and storing your cache manually. Here is an example of the controller code:
public function index()
{
// If we have a cache just return it and be done.
if ($mobile = $this->cache->get('page_mobile') AND $this->agent->is_mobile())
{
$this->output->set_output($mobile);
return TRUE;
}
elseif ($page = $this->cache->get('page))
{
$this->output->set_output($page);
return TRUE;
}
$vars = array();
// Save a cache and output the page.
if ($this->template->is_mobile)
{
$home = $this->load->view('page_mobile', $vars, TRUE);
$this->cache->save('controller_mobile', $home, 500);
$this->output->set_output($home);
}
else
{
$home = $this->load->view('page', $vars, TRUE);
$this->cache->save('controller', $home, 500);
$this->output->set_output($home);
}
}