In my code, I have logout function as below
function logout()
{
$this->session->sess_destroy();
// but, don't destroy this session
$this->session->userdata('admin_id');
}
How to destroy all session, except 'admin_id'?
The Session destroy in CI is performed at the next request, so you can't destroy a session and open a new session without a request in between.
But you could unset all session data except the data you like to keep and the data Codeigniter needs to keep the session. This Depends how session is configured, by default is it the User Agent, the last activity and the session ID. See CI-Session class preferences (at bottom of page)
This function deletes all session data except the admin_id
$sessionData = $this->session->all_userdata();
foreach($sessionData as $key =>$val){
if($key!='session_id'
&& $key!='last_activity'
&& $key!='ip_address'
&& $key!='user_agent'
&& $key!='admin_id'){
$this->session->unset_userdata($key);
}
}
You might want to save the admin_id temporarily and just put it back to session after you destroyed all your session vars.
$temp = $this->session->userdata('admin_id');
$this->session->sess_destroy();
$this->session->set_userdata('admin_id', $temp);
you must save some of keys in session, here is correct code.
$sess_array = $this->session->all_userdata();
foreach($sess_array as $key =>$val){
if($key!='session_id'
&& $key!='last_activity'
&& $key!='ip_address'
&& $key!='user_agent'
&& $key!='RESERVER_KEY_HERE')$this->session->unset_userdata($key);
}
This will work for you :)
$this->session->sess_destroy(); destroys the session_id and last_activity of the session. So the session no longer exist. So this wont work.
Try this:
$sess_array = $this->session->all_userdata();
foreach($sess_array as $key =>$val){
if($key!='session_id'||$key!='last_activity'||$key!='admin_id'){
$this->session->unset_userdata($key);
}
}
Related
i have a problem.
In Yii2 i have a view, controller, and layout.
in the layout and view, i check for the session if active do something.
the code is like this:
if (!isset($session)) $session = Yii::$app->session;
if ($session->isActive && $session->has('username')):
//some code here if there is session echo something
else:
//some code here if there is no session echo something else
endif;
then i have a controller action, which destroy session but also redirect to the view file above, the code is like this:
public function actionDestroysess($status = 1) {
Yii::$app->session->destroy();
return $this->render('masuk', ['status' => $status]);
}
the problem is, the session condition in view return true, it means that the Yii::$app->session->destroy(); is not working at all, i tried to var_dump(Yii::$app->session->get('username)); at the controller below the destroy command, but still get the value. Help me, why this session destroy is not working?
try this:
Change
Yii::$app->session->destroy();
to
Yii::$app->getSession()->destroy();
if you want to remove exact session you must use:
Yii::$app->session->remove('name')
I have this in my beforeroute() of a controller
public function beforeroute()
{
new \DB\SQL\Session($this->db);
$mapper = new \DB\SQL\Mapper($this->db, 'users');
$auth = new \Auth($mapper, array(
'id' => 'username',
'pw' => 'password'
));
if (!$auth->login('validuser', '1234')) {
die('username or password wrong');
} else {
echo ($csrf = $this->db->exec('SELECT csrf FROM sessions')[0]['csrf']);
}
}
After I hit the page, I have different values for csrf in database and what's been echoed out on page. Why is that?
The csrf token is renewed on every request. You see different values on the page and in the database, because the value in the database was updated after your page has rendered.
To be more specific, the SQL Session handler replaces the default php session handler, and that's why the call to session_commit within the unload method https://github.com/bcosca/fatfree-core/blob/master/base.php#L1903 (is called when the framework shut down) will update your session database table with the new value.
To have a way to reuse that single csrf token for your purpose, just put it back into the session itself:
$s = new \DB\SQL\Session($f3->get('DB'));
// old value from last request
echo $f3->get('SESSION.csrf');
// remember current value for next request
$f3->set('SESSION.csrf',$s->csrf());
Maybe there`s an easier way, but I haven't figured it out yet.
I have a login function. When I login, the session gets saved. But when I refresh the page or redirect to another function, then the session (userdata) is shown blank. I have loaded the session library in autoload, but the userdata is deleted after every page refresh.
Here is my code.
public function index () {
$user = $this->input->post('user');
// after successful user checking
$this->session->set_userdata('user', $user);
// when I print session here,
print_r($this->session->all_userdata());
// session user gets print
}
But when I redirect to a function (suppose 'test'), then no any session is shown.
public function test() {
print_r($this->session->all_userdata());
die;
}
When you read the post value with $this->input->post('user'); and there isn't any post the function returns null and save this in the user value.
You have to check before setting.
if ($this->input->post('user')) {
$this->session->set_userdata('username', $this->input->post('user'));
}
I solved the problem. Actually, accidentally I had destroyed the session at the beginning of the code. So, my session was all destroyed. I removed the code and it's working fine.
I save preferences of anonymous user in sessions.The issue is that when user did login,I have to clear previous sessions and start new one(for security reasons).
It seems if I destroy session, then login function would do logout! Even though I use set_userdata after sess_destroy it cannot do login (maybe session after destruction becomes unusable).
Using unset acts only on a few specified sessions.Is there any way to clear all sessions of the user without such a problem?
public function login()
{
if($this->session->userdata('id'))
redirect($this->config->base_url());
if($_POST)
{
...
$user=...
if($user)
{
$this->session->sess_destroy();
$this->session->set_userdata('id',$user['id']);
....
}
else
{
....
}
}
$this->load->view('...');
}
Try reinitializing the session library after you run sess_destroy().
$this->session->sess_destroy();
$this->load->library('session');
$this->session->set_userdata('id',$user['id']);
Update:
It appears that CI does not have a native function to clear the session without damaging it for the rest of the script runtime.
However, searching for the root cause yielded a manual answer.
function unset_only() {
$user_data = $this->session->all_userdata();
foreach ($user_data as $key => $value) {
if ($key != 'session_id' && $key != 'ip_address' && $key != 'user_agent' && $key != 'last_activity') {
$this->session->unset_userdata($key);
}
}
}
do not use sess_destroy unless you are planning to redirect back again on the same url.
just use
$this->session->set_userdata('id','')
or you could create an array of the sessions you want to destroy and on its value just add a null sample
$test = array('session_id'=>'','session_id2'=>'');
$this->session->set_userdata($test);
this will make the session with names session_id and session_id2 NULL or FALSE
because when you called sess_destroy() it destroys all the session the app is using. even if you try to add another session after calling it it will not add since there are no active sessions and That's why it will not work. Tried it many times, it will only work if you refresh or redirect back to the controller/method so that a new session will be created. That's how session in CI works, i don't know correct me if i'm wrong.
By logic, once the users logged out, they cann't enter the system again till they login again.
I use some session data and cookies of the logged in users, and i want to delete this session data and cookies when the users logged out.
I use
delete_cookie("cookie_name");
$this->session->sess_destroy();
and also set the $config['sess_time_to_update'] ro 0
but this is didn't work, the session data and cookies didn't deleted.
What i can do to delete all session data and cookies once the user log out.
$this->session->sess_destroy();
should delete all the session data. How do you know that the session data wasn't deleted. just after sess_destroy(); try to echo one of the session data.
echo $this->session->userdata('item_name');
same way use echo after deleting a cookie like this-
echo get_cookie('cookie_name');
I believe, it's the logic of how user keep logged in. You are probably not checking whether the session exists for logged in user. You should check session and cookie for every page(method) the user visit. The best way to do this is to put the checker function in the constructor.
Try this -
http://php.net/manual/en/function.setcookie.php
// unset cookies
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
foreach($cookies as $cookie) {
$parts = explode('=', $cookie);
$name = trim($parts[0]);
setcookie($name, '', time()-1000);
setcookie($name, '', time()-1000, '/');
}
}
http://www.php.net/manual/en/function.setcookie.php#73484