Search the Community
Showing results for tags 'Session'.
-
In my PW-Application there is currently no session timeout. I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage. so I added the following entry to my config.php: $config->sessionExpireSeconds = 120; (120 seconds is just for testing). But after five minutes of inactivity I am still logged in, there is no redirection. Is there anything wrong or did I miss something? In php.ini I have the entry: session.cookie_lifetime = 3600
-
Hi, I'm using the Database Session Handler the first time with a site and have noticed that the no more used sessions get not deleted automatically. They get deleted when I'm logged in and go to Setup -> Sessions. Is this normal behave or is there something wrong with the server the site is running on. How is the deletion triggert? Can I do something together with lazy-cron?
-
Hi, I want to redirect users that hit 1) pages using a specified template 2) when the url is using a specific syntax. Url syntax is: /PRODUCT/redir/PAGEID Example: /foo/redir/1234 My intention is to redirect the user to the specified PAGEID - but I don't know how to user $input in a hook. How might that be done with hooks in ready.php? $this->addHookBefore('Session::redirect', function(HookEvent $event) { $session = $event->object; // (Product template always lives a root level) if( TEMPLATE == 'product' && INPUT->urlSegment1()=='r' ) { $dest = $pages->get(PAGEID); $session->redirect( $dest->url ); } });
-
Hi guys and ladies! And thanks for Processwire! It appears i've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a page having a template with this option filled, a redirect will occur if user is not logged in and/or has insufficient access rights. I like to hook PW events. In one of my current projects i decided to write an addHookBefore('Session::redirect', ...) which should store the page we are being redirected from. With "regular" redirects like $session->redirect('/somewhere/') this hook works like a charm. But it was strange to see that it doesn't work with the template-settings-based redirect. I'm too dumb to dive deep inside PW and to examine the whole PW session mechanism. But it could be rather logical if ANY redirect ( no matter template-settings-based or using $session->redirect() ) could be hooked in the same manner. Okay okay i can forget about template-settings-based redirect and write my own. Just a couple of lines of code, and it works. But it's less elegant than hooking the template-settings-based redirects. So am i missing something? It this behavior a bug, or is it intended by PW team? Thanks in advance for any comment!
-
Hi, after redirect to payment page processwire session lost because of samesite cookies changed default to "lax". https://web.dev/samesite-cookies-explained/ tried to hook session::init but not works ? $wire->addHookBefore("Session::init", function (HookEvent $event) { ini_set('session.cookie_samesite', 'None'); session_set_cookie_params(['samesite' => 'None']); }); set by htaccess works <ifmodule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </ifmodule>
-
Hi guys, I'm facing a somewhat strange issue here which I can't quite wrap my head around. I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess. Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123 Thanks for any input, greetings derelektrischemoench //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a 200.... I guess this is where my problem is; but why?
-
Hi guys, I'm facing a somewhat strange issue here which I can't quite wrap my head around. I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess. Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123 Thanks for any input, greetings derelektrischemoench
-
How do you guys handle large session tables when sessions are being recorded to the database? I notice one of my sites has a session table of over 14MB Am I missing a way in the Admin or a module to auto-remove any sessions older than X days? Thanks
-
Hello all, I am using part of a PW install as a backend for a RESTful API. Everytime a client consumes the API, a session is started. The RESTful approach is sessionless per definition and I would like to avoid sessions, if possible, for performance reasons. When I look at the open sessions while only one client is getting or putting data through my REST API, I can see that there are quite a few (over 50) sessions open from that client. The project is at a testing stage right now and I'm afraid that once 50 or 100 clients are connected, the sessions will put a big load on the server. Is it advisable at all to try and avoid sessions? How would I go about killing sessions or, even better, connect to my API endpoints without starting a session in the first place?
-
Hello, I'm facing a weird issue here. I have a page loaded with this code inside (my comments in line ends) : if ($session->allPlayers) { // Set in a head.inc file. I have also a $session->set('allTeams', $allTeams); in my head.inc $allPlayers = $session->allPlayers; } else { $allPlayers = getAllPlayers($user, false); $session->set('allPlayers', $allPlayers); } bd($session->getAll()); // HERE, I get a number of 11 variables which is what I expect In the same page, I have a link pointing to ajaxContent.php that loads stuff via Ajax. I just write this in my ajaxContent.php to test : bd($session->getAll()); // HERE, I get only 9 variables. All my newly set $session variables ($allTeams and $allPlayers) are not conveyed to ajaxContent.php ??? Would you have any idea why is that ??? Another thing : I have a $session->headMenu set in my head.inc, and this one works fine. I can retrieve it in my ajaxContent.php page. I've tried cleaning all caches but it doesn't change anything ? At first, I expected it to be a 15-minute update to my site... It turns out to be a 2-hour issue and I'm still stuck. Thanks for your ideas !
-
If I have two PW sites that sit in separate folders, I can't be logged-in in both sites. e.g. site.com/project-a/pw-admin-slug/ site.com/project-b/pw-admin-slug/ If I login to project-a, then also login to project-b, get back to the first site, I have to login again. Is the cookie / session mechanism storing my domain? If it does, and it's meant to be some sort of security enhancement, it should not check my domain, but root-URL of the PW-installation. (strangely, this doesn't happen on localhost) Is it possible to prevent that behavior? Often I have two sites open (e.g. check to see if I have the same CKEditor setup and quickly copy and paste it, or copy a user-role)
-
Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. You may grab this from Github: SessionHandlerDBRedis I hope this could give somebody a help. Updated to v0.4 changelog: v0.3 - added ability to get forwarded IP instead of normal remote IP. v0.4 - added session lock
-
I have a demo site which I moved to a new VPS for client testing We noticed that leaving a page open and then revisiting the site can result in a 25 second(ish) to load time and will then throw a 500 Error. The hosting guys had a look and confirmed that the server is fine but the issue could be related to authentication or sessions. We are running Page Protector and ProCache so I wondered if there were any known bugs here and any recommended actions. My actual PW log doesn't show anything but the server log has plenty of these 2018-12-06 08:14:00 Error xxx.141.1x.101 500 POST /who-we-are/ HTTP/1.0 1.58 K Apache access 2018-12-06 08:14:45 Warning xxx.141.1x.131 mod_fcgid: read data timeout in 45 seconds, referer: http://demo.abc.not/who-we-are/ Apache error 2018-12-06 08:14:45 Error xxx.141.1x.131 End of script output before headers: index.php, referer: http://demo.abc.not/who-we-are/ Apache error 2018-12-06 09:03:18 Error xxx.141.1x.131 2614#0: *667 recv() failed (104: Connection reset by peer) while reading response header from upstream nginx error Thanks P
-
Hello, after creating an array and assigning it to a variable in session: $order = array (); $order['token'] = 'token'; $order['product'] = 'product-name'; $session->order = $order; I try to insert another item: $session->order['price'] = 'price'; But it doesn't work: Notice: Indirect modification of overloaded property ProcessWire\Session::$order has no effect in... Isn't possible to modify such session variable? I could build another array from the session variable, add the new item, and then store it again in session, but doesn't looks good. Thanks!
-
Hi guys, I'm trying to setup my first login form. Once connected the user will able to access the other part of the website. I've read many topics about session from which I've learned a lot but I still can't figure if sessions are files based, database based or cookie based ? I've read somewhere Ryan said he will add a database option, is it live ? Perhaps a cookie is only set if a user is logged in ? In the doc http://processwire.com/blog/posts/multi-instance-pw3/#more-session-control, it says : "Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/." In that same doc, someone asks in the comments section how to get rid of sessions, he don't use them and don't want any cookies (perhaps regarding EU cookie law...). (I've also read many threads where people had too much files in their sessions directories, apparently ubuntu related or Php garbage collector setting). So does PW sessions set a cookie or not ? Does someone here know what's the default lifetime of a PW session ? Thanks !
-
Strange behavior with Session and debug mode [SOLVED]
Jarden Black posted a topic in General Support
Hi everyone, [edit: do not loose your time reading this post, I solved it by disabling cache in the Pages2Pdf module... sorry ?] I do not know if I should post on the Pages2Pdf thread or here. Mods, feel free to move the post. Since three days I am scratching my head to understand a weird thing happening with $session and $config->debug used in conjunction with Pages2Pdf module. For information, I tested it on a fresh install of ProcessWire 3.0.96 with PHP-7.0.28 and Pages2Pdf-1.1.7 (domain: http://session.sites.sek/). I will try to explain what is going on. What I am trying to achieve : In a template, I need to set some sessions variables which are then echo'd in the PDF document. (on the test installation, the basic-page template (page /about/?pages2pdf) serve the PDF, the home and sitemap template set the session variable.) The problem : From the template sitemap, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Sitemap template'); From the template home, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Home template'); Then in the PDF default template, I echo the session variable: <p>Session: <?= $session->getFor('pdf', 'myvar'); ?></p> Now I turn ON debug mode ($config->debug = true) : Then I navigate to "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Now I want my PDF document, so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and I get my PDF document with the right session var : "Session set from Sitemap template" For the moment, nothing special happen. Everything work great. We are in debug mode. Now I turn OFF debug mode ($config->debug = false) : Then I navigate to "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Then I navigate back to "http://session.sites.sek/home/" and the session variable "myvar" is set back to "Session set from Home template". Now I want my PDF document - as expected, the "myvar" should be set to "Session set from Home template" - so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and here the problem happen. Instead of echoing "Session set from Home template" in the PDF document, the phrase "Session set from sitemap" is echo'd (the last value recorded before switching from debug ON). I made two small screencasts to show the issue : DEBUG ON (Everything is OK) DEBUG OFF I am missing something ? EDIT: YES, you are dumb! -
Hi everyone, [edit: do not loose your time reading this post, I solved it by disabling cache in the Pages2Pdf module... sorry ?] I do not know if I should post on the Pages2Pdf thread or here. Mods, feel free to move the post. Since three days I am scratching my head to understand a weird thing happening with $session and $config->debug used in conjunction with Pages2Pdf module. For information, I tested it on a fresh install of ProcessWire 3.0.96 with PHP-7.0.28 and Pages2Pdf-1.1.7 (domain: http://session.sites.sek/). I will try to explain what is going on. What I am trying to achieve : In a template, I need to set some sessions variables which are then echo'd in the PDF document. (on the test installation, the basic-page template (page /about/?pages2pdf) serve the PDF, the home and sitemap template set the session variable.) The problem : From the template sitemap, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Sitemap template'); From the template home, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Home template'); Then in the PDF default template, I echo the session variable: <p>Session: <?= $session->getFor('pdf', 'myvar'); ?></p> Now I turn ON debug mode ($config->debug = true) : Then I navigate to "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Now I want my PDF document, so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and I get my PDF document with the right session var : "Session set from Sitemap template" For the moment, nothing special happen. Everything work great. We are in debug mode. Now I turn OFF debug mode ($config->debug = false) : Then I navigate to "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Then I navigate back to "http://session.sites.sek/home/" and the session variable "myvar" is set back to "Session set from Home template". Now I want my PDF document - as expected, the "myvar" should be set to "Session set from Home template" - so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and here the problem happen. Instead of echoing "Session set from Home template" in the PDF document, the phrase "Session set from sitemap" is echo'd (the last value recorded before switching from debug ON). I made two small screencasts to show the issue : DEBUG ON (Everything is OK) DEBUG OFF I am missing something ? EDIT: YES, you are dumb! Why it is working with debug mode ON and not vice-versa ? Is there someone who already spotted this strange behavior ? Is there a PHP settings which should be modified ? ==================================================== Edit: I needed to post just to figure myself that Pages2Pdf cache the document when $config->debug is false. ???
-
I've used this code on another site (same web host) and it all works fine. When a visitor lands on a page and they're not logged, the page name/path/url/httpUrl (tried them all) is saved to a session var. Code in _init.php is: $loginPage = pages( 1085); if(!$user->isLoggedin() && $page->id != $loginPage->id) { // not for login page $session->set('returnPage', $page->path); // results in /http404/ stored in session var // $session->set('returnPage', '/rants/'); // works fine $session->redirect($loginPage->url); } Code in the LoginRegister template: if($user->isLoggedin() && !$input->get('profile') && !$input->get('logout')) { // login and go back to the previous page or go to the home page $goToUrl = $session->get('returnPage') ? $session->get('returnPage') : '/'; var_dump($session->getAll()); die; $session->redirect($goToUrl); } else { // let the LoginRegister module have control $content = $modules->get('LoginRegister')->execute(); } This var_dump shows that the returnPage session variable is stored as the path to the 404 error page ["returnPage"]=> string(9) "/http404/" I also tried $page->id with the resulting var (int) 27 which is the 404 Page id. Also tried namespace in the session var... It all worked fine when I manually typed in a valid page path, ie only weirdness when I used the $page var. Any help to explain why this is happening and how to fix greatly appreciated. tia
-
Hi, On my website the user is able to choose between to styles of a gallery. A gridview and a stripe view. I want to store the choice during the whole session. So if the user chooses a style I do it like so: $query = $_GET['view']; if($query){ $session->set('view', $query); } So that's working pretty fine, but after a random number of menuclicks or reloads its gone. Sometimes it is stored for 10 -15 pageloads and sometimes it's gone after 2 loads, Lifetime is set to 3600 in php.ini session.gc_maxlifetime = 3600 This is how I look if it exists: if($session->view == 'grid'){ include('album-grid-title.php'); $session->set('view', $query); } elseif($session->view == 'stripes'){ include('album-stripes.php'); $session->set('view', $query); } else{ include('album-stripes.php'); } Can anyone point me in the right direction and tell me what I'm doing wrong or why $session gets lost? Thanks in advance
-
Is there a way to restrict logins for users so that one user can't be loggedin in two places at the same time? e.g. auto logout user after inactivity (of say 15 minutes..?), or logout action and disallow login if user still "logged in" somewhere?
-
Hello there! I want to create a user front-end (user can register/login/logout via templates) I'm working based on the intermediate site profile. So _init.php is loaded first, then the template file and then _main.php. I integrated the custom login as described here, and changed it to my needs. ( I don't want to redirect the user, if the form is filled in successfully) The problem I face, is that $user->isLoggedin() lags behind $session->login(). Which means that whenever I do a login, I DO get the information that the login was successful ($session->login(...) instanceof User). I COULD use that information on _main.php to show a profile in the upper right corner. However I don't want to set a variable in the template and ask for it in _main.php. Are there any alternatives? Is a redirect really required to complete the session handling? Why? I have the same problem for the logout. The user is still displayed as logged in, when he opens the logout page. Thanks in advance. Best, Martin
-
Hello, When do you choose to use $input->whitelist($key, $value) rather than $session->myvar (with myvar = 3 for example) ? The documentation uses the example of the MarkupPagerNav module : "An example is the MarkupPagerNav plugin module, which provides an easy way for you to have pagination. Lets say that you used it to paginate search engine results. [...]" (from https://processwire.com/api/variables/input/) But If I don't have pagination, but some variables to store for each member of my website, do I have any interest to store them with whitelist rather than within sessions ? Thanks
-
Hi all. Perhaps this is just my fault, but I can't get behind it :-( When I store an array in a $session and want to read its contents – after a $session->redirect() – it is NULL by var_dump() If I use the exact same code and just store a string or a Page ID the output is correct. // file-1, product page $last_add_to_cart['product'] = $selected_product; $last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is NULL Strangely this works // file-1, product page $last_add_to_cart['product'] = $selected_product->id; #$last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is 1234 EDIT: When I var_dump the $session before the redirect everything is ok
-
At the top of each of my main pages, I want to redirect to my login page if the session is timed out. How can I use the PW API to test for this? $user->isLoggedin() doesn't seem to do it, like I expected. THX