I'm wondering if is there any way to remove all domain site cookies and sessions params.
somenthing like $this->session->destroy();?
$this->session->sess_destroy()
Just to note for applications where post destroying session, you want user to land on the index page where that point forward is taken care of the function, use bellow,
$this->session->sess_destroy();
redirect('');
In CodeIgniter 4, If you want to delete all your session data along with index/key then you can use this:
$this->session->destroy();
Related
I have multiple routes with comments and when I click reply I get redirected to a route where I can post a reply to a comment. How can I correctly store the route from where I came and then redirect back to it after posting the reply?
I considered passing the URL::previous as a param and storing it into a hidden input, but if the page gets refreshed by the user it gets empty. Another way might be store in the session, but then I don't know how to reliably expire it...
Redirect back with success message
return redirect()->back()->with('success', 'Data added successfully');
use return redirect()->back();
Use return Redirect::back() function for the previous URL.
You can use return Redirect::back(); or return Redirect::to(URL::previous() . "#whatever");
You can keep 2-3-4-5 URLs in a session and you don't need to expire it. You can just limit number of kept URLs. Also, please check my answer to a similar question here.
Store url in the session when user access page, when you have your reply button. You dont have to expire it, it will get automaticaly updated when user visit next page with reply button.
session(['last_url' => 'Request::fullUrl()']);
Also dont forget to use namespace
Use Request;
If you really want to discard value from session after user redirects, you can use this:
return redirect()->url(Session::pull('last_url'));
And namespace
Use Session;
Simply you can do return redirect()->back();
Do like this,
First store url in session
$request->session()->put('previous-url', '/user/demo');
Use like this
$previous_url = Session::get('previous-url');
return redirect()->to($previous_url);
What's the best way to accept session tokens in the request body instead of as a cookie? I basically want the functionality of ring.middleware.session but without using cookies because it's an API that will be called from another domain.
Are there existing examples/libraries/cemerick.friend workflows that do this?
Would it be too much of a hack to put a middleware function before ring.middleware.session and after something like compojure.handler.api which copies the parameter into the session cookie. You could also wrap ring.middleware.session with your own function which puts the token where middleware.session expects it.
I've read about how CI handles sessions differently than native sessions and feel slightly insecure about storing all the data in a cookie(?), unlike PHP's native session which only stores the session ID(?). So I've decided to use native sessions without the CI native_session library.
Now, I know that the Input Class in CI validates Isset with a true/false statement like this:
if ($this->input->post('something'))
which renders the Isset function unable to work (it gives an error). However, I'd like to check my native sessions with the Isset function, so how can I do this? I've tried
if (isset($_SESSION['keyHere']))
which gives me an error.
So to sum up: I want to use Isset on my session array as I feel using
if ($_SESSION['keyHere'])
without the Isset might be 'dangerous/foolish'.
Also, as a last question I'm curious about which session handling you think is safest? CI's Session Class or PHP's native handling with server-side storage etc.? I'd very much like to feel as safe as possible when it comes to sessions, no matter if it means I'll have to write longer code.
Ok so, lets talk about the problem that you're having with isset!
i agree to all answers behind, the empty function its an good try, using array_key_exists too, but isset have your own place on php language.
At first you didn't post the error taht you're getting, bu as #GolezTrol saidyou're probally having trouble with session_start().
You need to put it on the top of the page, before any scripts. I would put this code before all scripts, and the best place to put it its inside the config/config.php page, at the start of it, or maybe on the root index.php
Using it, you will starting the session on all pages of your system.
Well, about your second question.
I think the session native of PHP its really secure, but the session of Codeigniter it's really nice too.
Codeigniter has some problems with the security, when we talk about cookies, if we are handling with important data of system, its hard to work with it, especially if someone else could edit it, thinking about all of it that i describe above, i could say that Codeigniter has a good seession library, even if we are working with important data.
If you don't believe on the security of cookie, just put on database, and you will have any trouble with it. The good thing its the ability and the facility to work with this class on everyplace of the system!
Actually i'm using the way of database, and i suggest it.
I would use array_key_exists instead of isset. isset also checks if the value is not null, so an array with an existing key but a value of null will still return false. You know it is an array and you want to check if a key exists, so it makes the most sense to use array_key_exists.
But that's not the problem. :D
I think you need to call session_start() first.
PHP's native session handling performs just fine as long as you are on a single webserver.
$data=$this->session->userdata("session variable");
if($data)
{
// do something
}
use this in your CI code files. it works for me all the time !
$logindata = $this->session->userdata('username');
if ($logindata !== FALSE)
{
//it exists
}
might help!
I've always used php function empty(); though it works differently if you don't know what you are doing.
If it's an empty array, it will
return FALSE
If it's NULL, it will return FALSE
I personally had little problems with the new session class in CI 2.0.2. Create a table called "sessions" and store the sessions in the database, using sess_use_database to true. Also set sess_encrypt_cookies to true, and lastly, if you want sessions to match with user IPs, use sess_match_ip. Oh, and make sure to set encryption key, which will make it even more secure.
PHP sessions are nice, but I personally like CI sessions better because it gives more flexibility. Especially when you are running multiple web heads with load balancer.
Hope that helps!
Why not use the built in CodeIgniter Session Class? it will provide the same functionality as the input class in regards to not forcing you to use isset().
It allows for encrypted sessions and uses it's own session implementation.
$this->session->userdata("keyHere"); // returns false if not set
You really should use the codeigniter session class. You can make it store the session data in the db so the cookie holds just a unique identifier. You can also set that cookie to be encrypted with the codeigniter security key.
Then, when you access session information, it acts like the normal input methods and so you can just do if($this->session->userdata('name')) rather than using isset or empty or whatever.
My session data is being saved in my form as expected.
However, when I run a sort on any column of my results, my form session values are cleared.
I am calling in my search form through en element as it's used on specific locations of the site.
Does anyone know why pagination is clearing out my session? Is this standard Cake?
The paginator sort elements are simply a link generated by the paginator and won't consider any of your form data. The first thing you need to make sure that you're doing is tell the paginator to include any URL paramters for the current page in the url it generates. Put this anywhere in the view before you call any of the $paginator functions.
$paginator->options(array('url' => $this->passedArgs));
Secondly, make sure that your search parameters are being included in the URL. It sounds like they probably aren't. I just answered another question on the best practices of search result URLs here: CakePHP Search Results Best Practices
I solved this:
CakePHP session ID path or other method to share the results of a url - recommendations welcome
noob question. when I pass an id in the route to query my DB, is there a way to prevent the actual id from showing in the URL in browser.
If not, is there a way to prevent the user from changing the id in the URL and access other information?
Some sort of validation you get from clicking the link on the previous page or something.
I hope this make sense.
You could retrieve your record with an hash instead of the id directly.
You can use package like https://github.com/mitchellvanw/hashids (there must be some others)
Also, if you just want to hide it, you can POST it to your page. Don't forget that users can still change the form informations.
U can use base64_encode() and base64_decode to hide url from users and preventing them to change.