I am debugging on session login, when i am login to www.domainname.com the session will be only set for with www.
When i am going to url domain.com, session login is ignored, and i will be prompted to login form again.
I have set session cookie_domain also, but not working.
Any one can help me? why?
I know this question is as old as "Who came first? The egg or the chicken?"
I had a lot of trouble about this issue.
But... if you're using php I've found a solution:
In your login script insert in the first line
<?php
session_set_cookie_params(0, '/', 'www.yourdomain.com');
session_start()
?>
or you can try yoursubdomain.yourdomain.com instead www.yourdomain.com.
It works for me. Hope it help other users too.
I highly recommend redirecting users to the canonical version of the site (probably the www.example.com domain). Look around, you'll notice that most sites do exactly this for consistency (including SO; see what happens when you go to www.stackoverflow.com).
Have you tried setting the session domain to ".example.com"?:
$lifetime = 0;
$path = '/';
$domain = '.yourdomain.com';
session_set_cookie_params($lifetime, $path, $domain);
Note the dot in the beginning of the $domain string variable.
Check the reference of the function here.
Related
I'm using Ajax to log in a user from subdomain. The Yii2 app is on another subdomain. Both subdomains are configured to use same cookie and session domains and save paths. I'm including session ID with Ajax call to write the user information to the same session used by non-app subdomain like this:
$session = Yii::$app->session;
$session->open();
$session->setId($post["session"]);
$session["user.id"] = $user->id;
echo $session->id; // This does not return the same ID originating from post!
Unfortunately the user information IS NOT written to the session already existing, but a new one. Is there a session involved somewhere in the middle of login process or why isn't it working? I've also tried session_id($post["session"]), but nothing.
This was actually working on previous domain, so I must be missing something. All of the AJAX posted info is correct and checked, the user is logged in properly (checked the logs) but into wrong session.
Thanks in advance!
yii\web\Session::setId() is a wrapper for session_id(), you should read PHP documentation about this function :
string session_id([ string $id ])
If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
So you should simply try :
$session = Yii::$app->session;
$session->setId($customId);
$session->open();
I Don't think you are following the correct way to SET & GET session.
Try This:
$session = Yii::$app->session;
$session->open();
$session->set('id', $post["session"]);
echo $session->get('id');
For more info, please click Session Management - Yii2
i am following along a video course from tutsplus -getting started with laravel- and managed up to vid 19 securing the admin panel. My problem as follows. i cannot login to the system because i don't have a valid email-password. in the db there are dummy user emails and hashed pw's but i cannot use because already hashed and i don't know the pw's.
i found this post
How to create a laravel hashed password
however artisan tinker doesn't work because REPL not supported.Falling back to simple shell.
$password = 'JohnDoe';
$hashedPassword = Hash::make($password);
echo $hashedPassword; // $2y$10$jSAr/RwmjhwioDlJErOk9OQEO7huLz9O6Iuf/udyGbHPiTNuB3Iuy
makes sense - to create a new user with known pw but i don't know where and how to implement the code so it spits out the hash in the browser. I tried making a file in the model as well as route and stuck in the code.. to no avail. or maybe easier way?
Can someone help thx.
Place this in your routes.php
Route::get('hash/{password}', function($password){
echo Hash::make($password);
});
And then open your-project.dev/hash/JohnDoe in your browser.
I'm using Laravel on MAMP PRO (PHP 5.4). Both are vanilla install and I got Laravel working okay.
Next, Installed Sentry.
Inside of a login function on controller:
$user = Sentry::authenticate($credentials, false); // this works. I can see the $user
But then upon an immediate redirect I use a filter:
Route::filter('auth.admin', function()
{
var_dump(Sentry::check()); // ** this gives me a bool(false);
die();
if ( ! Sentry::check())
{
return Redirect::route('admin.login');
}
});
So, I'm assuming that maybe there is a cookie that is not being set?
Solved...
For anyone else with this issue, this is a summary of the most common solutions on the Internet as well as how I solved my issue. I'm on MAMP/OSX, but this apparently made zero difference as I literally put up a vagrant/virtualbox and still had the same issue.
** Set 'domain' => 'yourdomain.com' in your config/session.php. EVEN IF YOU ARE ON A SUB DOMAIN like a.b.c.yourdomain.com, use ONLY the root domain (yourdomain.com) in your 'domain' variable as I just wrote it. ** This was my issue.
Make sure your session storage folder has write permissions.
Make sure you have a >0 lifetime in your session.php
Make sure you don't have whitespaces after any closing PHP which could cause the application not to shut down properly.
Try Switching between database sessions and file sessions.
As a last resort, try upgrade to 4.2, if possible. 4.1 had a known issue (as referenced in google).
Your issue is may no be with Laravel OR Sentry. It's probably a file or configuration issue as illustrated above. I pulled my hair out tracking this from Sentry to Laravel to Cookies to Session to Blah... Only to realize that it was finally a cookie issue which was caused by me not setting my ROOT domain (I was using the full
i'm a rookie in laravel.
I have a page in admin profile (/Profile /admin). But if someone put
http:// ... / Profile/admin
. Happen a jump directly to the admin page without login.
I tried putting:
Route::filter ('/Profile/admin',function ()
{
if (Auth::guest ()) return Redirect::guest ('login');
});
but i dosen't work.
Thanks.
You can run filters on your routes to basically check to see if someone is logged in or not. There is probably a bit you need to do to make sure all is secure.
However, suggested reading:
http://laravel.com/docs/routing#route-filters
http://laravel.com/docs/security
Hope it helps.
I'm having a problem with CI 2.1.3 redirect function.
Everytime I call redirect, it shows a white-blank page. In fact, it works well on my localhost, the problem just occurs on my real server (with CentOS 5 installed).
This is how I call the redirects :
redirect('frontend/article/index');
or
redirect(base_url('articles.html'));
I did add a route in config/routes.php
$route['articles.html'] = 'frontend/article/index';
with : frontend is module, article is controller, and index is action (I'm using wiredesignz's HMVC module extension)
How could I fix it? And what is the problem here?
Thanks in advance!
UPDATE
I replaced CI redirect function by calling :
header("Location: http://example.com");
but it didn't work too.
So I created a file named info.php and uploaded it to my server. Here's the content:
<?php
phpinfo();
?>
When I type in the address bar : http://example.com/info.php, it shows like in the image.
Why was there a ">" character? Was it the problem causing redirect not working?
Firstly, make sure error reporting is enabled, or try placing the following at the top of your index.php.
error_reporting(E_ALL | E_WARNING | E_NOTICE);
ini_set('display_errors', TRUE);
If this doesn't point you in the right direction make sure you don't have any output echo, print_r, print, dump, etc before your call to redirect() method.
Another common cause or problems when moving to a new environment is white space. Check that your files don't have any whitespace at the bottom of them.
if you are defining .html in the config.php as the file ext. you do not need to postfix the route with it.
$route['articles'] //instead of $route['articles.html']
Also you need to remove the base_url() from the redirect cos that is not needed.
redirect('articles'); //should sort it
Hope this sorts ur problems.
EDIT
If this is still not working after attempting these changes, it will most likely be a problem in the controllers. If this is the case you may need to turn on error reporting in your index.php file to find out exactly where the problem is occurring.