Search the Community

Showing results for tags 'session'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Found 44 results

  1. Is there a way to restrict logins for users so that one user can't be loggedin in two places at the same time? e.g. auto logout user after inactivity (of say 15 minutes..?), or logout action and disallow login if user still "logged in" somewhere?
  2. Hello there! I want to create a user front-end (user can register/login/logout via templates) I'm working based on the intermediate site profile. So _init.php is loaded first, then the template file and then _main.php. I integrated the custom login as described here, and changed it to my needs. ( I don't want to redirect the user, if the form is filled in successfully) The problem I face, is that $user->isLoggedin() lags behind $session->login(). Which means that whenever I do a login, I DO get the information that the login was successful ($session->login(...) instanceof User). I COULD use that information on _main.php to show a profile in the upper right corner. However I don't want to set a variable in the template and ask for it in _main.php. Are there any alternatives? Is a redirect really required to complete the session handling? Why? I have the same problem for the logout. The user is still displayed as logged in, when he opens the logout page. Thanks in advance. Best, Martin
  3. Hello, When do you choose to use $input->whitelist($key, $value) rather than $session->myvar (with myvar = 3 for example) ? The documentation uses the example of the MarkupPagerNav module : "An example is the MarkupPagerNav plugin module, which provides an easy way for you to have pagination. Lets say that you used it to paginate search engine results. [...]" (from But If I don't have pagination, but some variables to store for each member of my website, do I have any interest to store them with whitelist rather than within sessions ? Thanks
  4. How to track user active time based on session login and logout. Basically, I want to get the report that each user login time and logout time/session inactivity time. Is there any module available or we can use any hooks to simulate the above. Thanks in advance for your support.
  5. Hi all. Perhaps this is just my fault, but I can't get behind it :-( When I store an array in a $session and want to read its contents – after a $session->redirect() – it is NULL by var_dump() If I use the exact same code and just store a string or a Page ID the output is correct. // file-1, product page $last_add_to_cart['product'] = $selected_product; $last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is NULL Strangely this works // file-1, product page $last_add_to_cart['product'] = $selected_product->id; #$last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is 1234 EDIT: When I var_dump the $session before the redirect everything is ok
  6. At the top of each of my main pages, I want to redirect to my login page if the session is timed out. How can I use the PW API to test for this? $user->isLoggedin() doesn't seem to do it, like I expected. THX
  7. Hello, I have a situation were a user cannot logon to several different PW installs fromdifferent machines on his workplace network. Sometimes the initial logon is working but when navigating the PW backend he gets thrown out. Sometimes even the initial logon is not working and he is redirected too many times and the browser throws a redirection error. This points to PW loosing it's session. But the same sites are working fine when accessed from within other network environments. The user's workplace network has some pretty tight security (firewall) restrictions in place that prevent PW keeping it's session. I don't know enough about network security so I can't tell what exactly could cause that problem. I checked in the browser settings to make sure session cookies are allowed and there. Has anyone ever experienced issues like that and would there be a way to make PW keep it's session under these circumstances?
  8. Hi, new forum look, cool haha! Look, I'm trying to use Securimage capcha in a template. The SESSION vars that the capcha image sets get lost somewhere in processwire. The API page says that this superglobal is always available. Do you have any hints where $_SESSION may be reset? Thanks
  9. Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. You may grab this from Github: SessionHandlerDBRedis I hope this could give somebody a help. Updated to v0.4 changelog: v0.3 - added ability to get forwarded IP instead of normal remote IP. v0.4 - added session lock
  10. Hey Guys! Im new to PW and am working on a website built on PW. Im trying to understand how sessions work in PW. Specifically what exactly is happening when session expires. The thing is that my client wants to be redirected to homepage whenever session expires, so basically he doesnt want to be redirected to admin login page when he's in the admin environment of PW(he doesnt want his clients to see the admin login page for whatever reason). Is it possible to hook to the session expiration and redirect to a specific url? And what is the correct way to do it in PW? I would appreciate the help! Cheers!
  11. The $config->sessionExpireSeconds in config.php is set to 86400 but still I have to log in as admin after about 10 minutes of inactivity. Any other hidden corners where I should look to set this right? $config->sessionChallenge is set to true. $config->sessionFingerprint is set to false.
  12. Hi all, I have problems to keep my session on different subdomains (including www). I've set the following config: $config->sessionCookieDomain = ''; $config->sessionCookieSecure = false; But it doesn't work, I always loose the session when I switch between and Could it be because both of them have a different SSL-Certificate? (https) Thanks for any help! Dennis
  13. Have set up a front-end registration form and it all seems fine but rather than giving them a link to "Click here to login!", I'd like to log them in automatically. I was thinking that as the login takes place after the new user has been saved that it ought to work but it doesn"t seem to be working at the moment. Is this even achievable without a page reload? Here is my code currently: <?php include("./"); $headings = " <div id='register'> <div class='row'> <div class='twelve columns'> <h3>Register with us</h3>"; $form="<form action='./' id='registration' method='post'> <div class='row'> <div class='four columns'> <label for='username'>Username</label> <p class='help'>Please ensure your username contains no spaces</p> <input type='text' name='username' value='{$input->post->username}'> <label for='first_name'>First name</label> <input type='text' name='first_name' value='{$input->post->first_name}'> <label for='last_name'>Last name</label> <input type='text' name='last_name' value='{$input->post->last_name}'> <label for='email'>Email address</label> <input type='text' name='email' value='{$input->post->email}'> </div> <!-- /.four columns --> <div class='four columns'> <label for='company_name'>Company name</label> <input type='text' name='company_name' value='{$input->post->company_name}'> <label for='company_url'>Company URL</label> <input type='text' name='company_url' value='{$input->post->company_url}'> <label for='company_phone'>Company phone</label> <input type='text' name='company_phone' value='{$input->post->company_phone}'> </div> <!-- /.four columns --> <div class='four columns'> <label for='pass'>Password</label> <p class='help'>Please ensure your password is at least 6 characters long and contains at least one digit and one letter</p> <input type='password' name='pass' value='{$input->post->pass}'> <label for='pass_confirm'>Confirm password</label> <input type='password' name='pass_confirm' value='{$input->post->pass_confirm}'> </div> <!-- /.four columns --> </div> <!-- /.row --> <input class='button success small' type='submit' name='submit_registration' id='submit'> </form>"; $message = "Please fill in the form below if you would like to register in order to receive exclusive access to our brochures and latest information."; $usernames = array(); foreach ($users as $u) { $usernames[] = $u->name; } if($input->post->submit_registration) { if (empty($input->post->username) || empty($input->post->email) || empty($input->post->pass)) { $message = "Please fill out all fields marked with a *"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (in_array($input->post->username, $usernames)) { $message = "Sorry, that username is already taken, please choose another."; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (filter_var($input->post->email, FILTER_VALIDATE_EMAIL) === FALSE) { $message = "Please include a valid email address"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (!preg_match("/[0-9]/", $input->post->pass) || strlen($input->post->pass) < 6) { $message = "Please ensure your password has at least one digit and is at least 6 characters long"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif($input->post->pass !== $input->post->pass_confirm) { $message = "Please ensure that your passwords match"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } else { echo $headings; $message = "Congratulations! You have successfully registered and have been logged in"; echo "<h5 class='success'>$message</h5>"; $u = new User(); $u->of(false); $u->name = $sanitizer->username($input->post->username); $u->first_name = $sanitizer->text($input->post->first_name); $u->last_name = $sanitizer->text($input->post->last_name); $u->company_name = $sanitizer->text($input->post->company_name); $u->company_url = $sanitizer->url($input->post->company_url); $u->company_phone = $sanitizer->text($input->post->company_phone); $u->email = $sanitizer->email($input->post->email); $u->pass = $sanitizer->text($input->post->pass); $u->addRole('registered'); $u->save(); $u->of(true); require_once("./scripts/PHPMailer/class.phpmailer.php"); $form_contents = array( 'username' => $sanitizer->username($page->username), 'First name' => $sanitizer->text($input->post->first_name), 'Last name' => $sanitizer->text($input->post->last_name), 'Company name' => $sanitizer->text($input->post->company_name), 'Company URL' => $sanitizer->url($input->post->company_url), 'email' => $sanitizer->email($input->post->email), 'Phone Number' => $sanitizer->text($input->post->company_phone), ); $to_name = "My company"; $to = ""; $subject = "New registered user"; $form_message = ""; foreach ($form_contents as $key => $value) { $form_message .= "$key: $value\n"; } $from = "$form_contents[email]"; $from_name = "$form_contents[username]"; $mail = new PHPMailer(); $mail->CharSet = 'UTF-8'; $mail->FromName = "$from_name"; $mail->From = "$from"; $mail->AddAddress ($to, $to_name); $mail->Subject = "$subject"; $mail->Body = "$form_message"; $mail->Send(); $name = $u->name; $pass = $u->pass; if ($session->login($name, $pass)) { $session->redirect("../"); } } } elseif ($user->isLoggedin()) { echo $headings; echo "<h5>No need to register " . $user->get('first_name|name') . ", you are already are! <a href='{$config->urls->root}'>Click here</a> if you would like to return to the homepage.</h5>"; } else { echo $headings; echo "<h5>$message</h5>"; echo $form; } ?> </div> <!-- /.twelve columns --> </div> <!-- /.row --> </div> <!-- /#register --> <?php ?> <?php include("./"); Thanks.
  14. hi, i have a login form on my page which is handled within a template called by ajax. Login works fine, but only if the site doesn't get reloaded - which isn't the intention but may occur. So is there a way to manually reset the session data from within my form-handler template after successfully calling $session->login($username, $password), to have it working after a page reload? thanks, martin
  15. Hi guys, I've just created a new user : $u = new User(); $u->name = $nickname; $u->pass = $pwd; $u->addRole("guest"); $u->save(); I've added some new informations on that user, here : $u->points = 3; $u->language = 'fr'; Now I'm doing my session->login stuff, and my session->redirect stuff. On the destination page, I thought I would retrieve the $u->points and $u->language values, but it's not set. I thought I was saving the values in my news user's session area but I'm apparently wrong. I guess I have to use that syntax in the first page : $session->points = 3; $session->language = 'fr'; ... and then it will be still there on the destination page ? Is it the good way to do it ? Do my values will stick with the right user I'm dealing with ? Thanks
  16. Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks
  17. Hi guys, I'm trying to setup my first login form. Once connected the user will able to access the other part of the website. I've read many topics about session from which I've learned a lot but I still can't figure if sessions are files based, database based or cookie based ? I've read somewhere Ryan said he will add a database option, is it live ? Perhaps a cookie is only set if a user is logged in ? In the doc, it says : "Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/." In that same doc, someone asks in the comments section how to get rid of sessions, he don't use them and don't want any cookies (perhaps regarding EU cookie law...). (I've also read many threads where people had too much files in their sessions directories, apparently ubuntu related or Php garbage collector setting). So does PW sessions set a cookie or not ? Does someone here know what's the default lifetime of a PW session ? Thanks !
  18. Hello, I get the following error message when I try to publish my page. "Session: Warning (requiredIf): dependency field 'feature_image' is not present in this form. (ProcessPageEdit)" Any insight? Thanks
  19. Hi folks! In my current project I'm using ProcessWire v2.5 as pure backend service, including it in my frontend application as described here. Now I encountered some problems with the pw session handling interfering with the session handling of my frontend application. In this case the pw installation runs on a subdomain of my frontend application. Duplicate session_start() Each time I include pw's index.php pw tries to start it's own session, resulting in a notice that a session has already been started. To encounter this problem, I changed one row in Session::___init() (/ProcessWire/wire/core/Session.php): protected function ___init() { if (session_status() != PHP_SESSION_ACTIVE) @session_start(); } Session configuration override Additionally pw sets it's own session configuration and therefore overrides the config of my frontend application. To prevent this, I wrapped the session configuration block within the index.php (/ProcessWire/index.php, rows ~176ff) in a condition: if (session_status() != PHP_SESSION_ACTIVE) { session_name($config->sessionName); ini_set('session.use_cookies', true); ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds); if (ini_get('session.save_handler') == 'files') { if (ini_get('session.gc_probability') == 0) { // Some debian distros replace PHP's gc without fully implementing it, // which results in broken garbage collection if the save_path is set. // As a result, we avoid setting the save_path when this is detected. } else { ini_set("session.save_path", rtrim($config->paths->sessions, '/')); } } } This is surely a bad way to fix my problem, because I had to change some code within the pw core. If anybody knows a more elegant solution to prevent pw from starting/configuring a session if used vi include, it would be very welcome. regards, Wumbo
  20. I need to write a lazy cron job that goes through a list of files and deletes those that are associated with expired sessions. Our session information is stored in the DB table sessions. Is there a Wire API call that allows me to do one of: 1) fetch all expired sessions? 2) hook the session expiration event? 3) fetch all active sessions? 4) do direct DB access to lookup sessions? (least preferred as I have to directly tie to session implmentation). My logic can either flow: Find active sessions delete files NOT in active sessions Get files if session_id associated with file NOT in sessions (or has expired) delete file.
  21. Hello, I need to restrict the page view of my app to a single guest user. This means if a session for user guest is already open for that page, other guest users are not allowed to view the same page. $session doesn't help much in that case as far as I can see from the docs (or maybe $session->getHistory() can help?). I think I could approach it this way: 1. Set session storage to DB 2. Query session table in DB for open sessions for that page and act accordingly Is there anything built into the API which I have missed that I can utilize to query the session table? Or would I have to use $database and build my own query? Any insight on this or idea how to tackle the problem would be much appreciated.
  22. I'm doing a custom login/register in the front end, and flash messages are really useful to inform the user about the process of user registration. I was used to using Codeigniter with their flash message system. I've seen very few messages in the forum where $session->message is used but I haven't seen a full implementation. I've tried my own with some degree of success, but the flash messages persist in a different way that I've expected. It's like there is a "delay". Maybe I'm doing something wrong. The has a standard notices loop: <?php if($notices) :?> <?php foreach($notices as $notice) :?> <?php $class = $notice->className(); ?> <div class="notification <?= $class; ?>"> <p><?= $notice->text ;?></p> </div> <?php endforeach ;?> <?php endif ;?> This is my register.php: When submitting the form with errors, the first time no error message are displayed. The second time I submit it with errors, then the error message appears. This is what I describe as the "delay". <?php include("./helpers/form_helpers.php"); /** * Register template * */ $out = ""; $errors = ""; // create a new form field (also field wrapper) $form = $modules->get("InputfieldForm"); $form->action = "./"; $form->method = "post"; $form->attr("id+name",'register-form'); // Name // $field = $modules->get("InputfieldText"); // $field->label = "Name"; // $field->attr('id+name','name'); // $field->required = 1; // $form->append($field); // append the field to the form // Email $field = $modules->get("InputfieldEmail"); $field->label = "E-Mail"; $field->attr('id+name','email'); $field->required = 1; $form->append($field); // append the field // Password $field = $modules->get("InputfieldPassword"); $field->label = __("Contraseña"); $field->attr("id+name","password"); $field->required = 1; $form->append($field); // Submit $submit = $modules->get("InputfieldSubmit"); $submit->attr("value",__('Crear cuenta')); $submit->attr("id+name","submit"); $submit->attr("class","btn btn--primary"); $form->append($submit); // Form submitted: process form if($input->post->submit) { // user submitted the form, process it and check for errors $form->processInput($input->post); // here is a good point for extra/custom validation and manipulate fields if($sanitizer->email($form->get("email")->value) != '') { // Email should be unique if(!isUniqueUserEmail($form->get("email")->value)){ $form->email->error(__("El e-mail ingresado ya se encuentra registrado")); } } if($form->getErrors()) { // the form is processed and populated but contains errors // Render Form $session->error(__('There are errors in the form')); $out .= $form->render(); } else { // Sanitize inputs //$full_name = $sanitizer->text($input->post->name); $email = $sanitizer->email($input->post->email); $password = $input->post->password; // Generate username from email $username = $sanitizer->email($input->post->email); // Create New User $u = new User(); $u->of(false); $u->name = $username; $u->pass = $password; $u->email = $email; $u->addRole("guest"); $u->addRole("member"); $u->save(); $u->of(true); // Create hash // Email the user with confirmation e-mail // Redirect to login page and display success Message $session->message(__('User registration sucessfull')); $session->redirect('/login'); } } else { // Form not submitted: render out form without processing $out .= $form->render(); } include("./partials/"); ?> <div class="container container--narrow"> <div class="page"> <h1>Nuevo usuario</h1> <?= $out ;?> </div><!-- .page --> </div><!-- .container --> <?php include("./partials/"); ?> On a successful submission, the next page displays the correct message, but also the error message "There are errors in the form". It's like the error message get's carried over. I appreciate any help to sort this out.
  23. Is there something wrong with the following redirect syntax ? <?php $session->redirect($page->get(1184)->url); ?> I've used this (below) to successfully redirect to a child URL so thought I was on the right track. <?php $session->redirect($page->child->url); ?>
  24. Hello all, I am using part of a PW install as a backend for a RESTful API. Everytime a client consumes the API, a session is started. The RESTful approach is sessionless per definition and I would like to avoid sessions, if possible, for performance reasons. When I look at the open sessions while only one client is getting or putting data through my REST API, I can see that there are quite a few (over 50) sessions open from that client. The project is at a testing stage right now and I'm afraid that once 50 or 100 clients are connected, the sessions will put a big load on the server. Is it advisable at all to try and avoid sessions? How would I go about killing sessions or, even better, connect to my API endpoints without starting a session in the first place?
  25. Hi all, I've just enabled the Session Handler Database module and would like to view the active sessions, however it doesn't display any. Does anyone know why, or what I'm missing?