Search the Community

Showing results for tags 'session'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Found 44 results

  1. Is there a way to restrict logins for users so that one user can't be loggedin in two places at the same time? e.g. auto logout user after inactivity (of say 15 minutes..?), or logout action and disallow login if user still "logged in" somewhere?
  2. Hello there! I want to create a user front-end (user can register/login/logout via templates) I'm working based on the intermediate site profile. So _init.php is loaded first, then the template file and then _main.php. I integrated the custom login as described here, and changed it to my needs. ( I don't want to redirect the user, if the form is filled in successfully) The problem I face, is that $user->isLoggedin() lags behind $session->login(). Which means that whenever I do a login, I DO get the information that the login was successful ($session->login(...) instanceof User). I COULD use that information on _main.php to show a profile in the upper right corner. However I don't want to set a variable in the template and ask for it in _main.php. Are there any alternatives? Is a redirect really required to complete the session handling? Why? I have the same problem for the logout. The user is still displayed as logged in, when he opens the logout page. Thanks in advance. Best, Martin
  3. How to track user active time based on session login and logout. Basically, I want to get the report that each user login time and logout time/session inactivity time. Is there any module available or we can use any hooks to simulate the above. Thanks in advance for your support.
  4. Hi all. Perhaps this is just my fault, but I can't get behind it :-( When I store an array in a $session and want to read its contents – after a $session->redirect() – it is NULL by var_dump() If I use the exact same code and just store a string or a Page ID the output is correct. // file-1, product page $last_add_to_cart['product'] = $selected_product; $last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is NULL Strangely this works // file-1, product page $last_add_to_cart['product'] = $selected_product->id; #$last_add_to_cart['quantity'] = $selected_product_quantity; $session->last_add_to_cart = $last_add_to_cart; $session->redirect('/warenkorb/'); // file-2, cart var_dump($session->last_add_to_cart); // is 1234 EDIT: When I var_dump the $session before the redirect everything is ok
  5. At the top of each of my main pages, I want to redirect to my login page if the session is timed out. How can I use the PW API to test for this? $user->isLoggedin() doesn't seem to do it, like I expected. THX
  6. Hello, I have a situation were a user cannot logon to several different PW installs fromdifferent machines on his workplace network. Sometimes the initial logon is working but when navigating the PW backend he gets thrown out. Sometimes even the initial logon is not working and he is redirected too many times and the browser throws a redirection error. This points to PW loosing it's session. But the same sites are working fine when accessed from within other network environments. The user's workplace network has some pretty tight security (firewall) restrictions in place that prevent PW keeping it's session. I don't know enough about network security so I can't tell what exactly could cause that problem. I checked in the browser settings to make sure session cookies are allowed and there. Has anyone ever experienced issues like that and would there be a way to make PW keep it's session under these circumstances?
  7. Hey Guys! Im new to PW and am working on a website built on PW. Im trying to understand how sessions work in PW. Specifically what exactly is happening when session expires. The thing is that my client wants to be redirected to homepage whenever session expires, so basically he doesnt want to be redirected to admin login page when he's in the admin environment of PW(he doesnt want his clients to see the admin login page for whatever reason). Is it possible to hook to the session expiration and redirect to a specific url? And what is the correct way to do it in PW? I would appreciate the help! Cheers!
  8. Greetings. I am here to share my first module. I make this module because I cannot find one to suit my need. I like SessionHandlerDB but I do not want to use mysql database to store session for performance. So, Redis seems to be the best choice. I have tried to use netcarver's SessionHandlerRedis but it lacks something I need, those are the active session checking and the easy module configuration while I do borrow some code from it (thanks to netcarver). So I take this chance to merge them together to form a new module. I am new to use github and I don't know if it is appropriate to publish another similar project, or fork from them. You may grab this from Github: SessionHandlerDBRedis I hope this could give somebody a help. Updated to v0.4 changelog: v0.3 - added ability to get forwarded IP instead of normal remote IP. v0.4 - added session lock
  9. Hi all, I have problems to keep my session on different subdomains (including www). I've set the following config: $config->sessionCookieDomain = '.mydomain.net'; $config->sessionCookieSecure = false; But it doesn't work, I always loose the session when I switch between www.mydomain.net and example.mydomain.net. Could it be because both of them have a different SSL-Certificate? (https) Thanks for any help! Dennis
  10. hi, i have a login form on my page which is handled within a template called by ajax. Login works fine, but only if the site doesn't get reloaded - which isn't the intention but may occur. So is there a way to manually reset the session data from within my form-handler template after successfully calling $session->login($username, $password), to have it working after a page reload? thanks, martin
  11. Hello, When do you choose to use $input->whitelist($key, $value) rather than $session->myvar (with myvar = 3 for example) ? The documentation uses the example of the MarkupPagerNav module : "An example is the MarkupPagerNav plugin module, which provides an easy way for you to have pagination. Lets say that you used it to paginate search engine results. [...]" (from https://processwire.com/api/variables/input/) But If I don't have pagination, but some variables to store for each member of my website, do I have any interest to store them with whitelist rather than within sessions ? Thanks
  12. Hi guys, I've just created a new user : $u = new User(); $u->name = $nickname; $u->pass = $pwd; $u->addRole("guest"); $u->save(); I've added some new informations on that user, here : $u->points = 3; $u->language = 'fr'; Now I'm doing my session->login stuff, and my session->redirect stuff. On the destination page, I thought I would retrieve the $u->points and $u->language values, but it's not set. I thought I was saving the values in my news user's session area but I'm apparently wrong. I guess I have to use that syntax in the first page : $session->points = 3; $session->language = 'fr'; ... and then it will be still there on the destination page ? Is it the good way to do it ? Do my values will stick with the right user I'm dealing with ? Thanks
  13. Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks
  14. Hi guys, I'm trying to setup my first login form. Once connected the user will able to access the other part of the website. I've read many topics about session from which I've learned a lot but I still can't figure if sessions are files based, database based or cookie based ? I've read somewhere Ryan said he will add a database option, is it live ? Perhaps a cookie is only set if a user is logged in ? In the doc http://processwire.com/blog/posts/multi-instance-pw3/#more-session-control, it says : "Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/." In that same doc, someone asks in the comments section how to get rid of sessions, he don't use them and don't want any cookies (perhaps regarding EU cookie law...). (I've also read many threads where people had too much files in their sessions directories, apparently ubuntu related or Php garbage collector setting). So does PW sessions set a cookie or not ? Does someone here know what's the default lifetime of a PW session ? Thanks !
  15. Hello, I get the following error message when I try to publish my page. "Session: Warning (requiredIf): dependency field 'feature_image' is not present in this form. (ProcessPageEdit)" Any insight? Thanks
  16. I need to write a lazy cron job that goes through a list of files and deletes those that are associated with expired sessions. Our session information is stored in the DB table sessions. Is there a Wire API call that allows me to do one of: 1) fetch all expired sessions? 2) hook the session expiration event? 3) fetch all active sessions? 4) do direct DB access to lookup sessions? (least preferred as I have to directly tie to session implmentation). My logic can either flow: Find active sessions delete files NOT in active sessions Get files if session_id associated with file NOT in sessions (or has expired) delete file.
  17. Hello, I need to restrict the page view of my app to a single guest user. This means if a session for user guest is already open for that page, other guest users are not allowed to view the same page. $session doesn't help much in that case as far as I can see from the docs (or maybe $session->getHistory() can help?). I think I could approach it this way: 1. Set session storage to DB 2. Query session table in DB for open sessions for that page and act accordingly Is there anything built into the API which I have missed that I can utilize to query the session table? Or would I have to use $database and build my own query? Any insight on this or idea how to tackle the problem would be much appreciated.
  18. Is there something wrong with the following redirect syntax ? <?php $session->redirect($page->get(1184)->url); ?> I've used this (below) to successfully redirect to a child URL so thought I was on the right track. <?php $session->redirect($page->child->url); ?>
  19. Hi all, I've just enabled the Session Handler Database module and would like to view the active sessions, however it doesn't display any. Does anyone know why, or what I'm missing?
  20. The $session feature is easy to use and great to store inputs like currency or cart items temporary on server side. Identified by client cookie ID. I thought the session lifetime works persistent. But the wire cookie is only valid until the browser will be closed. Next visit starts always with a fresh session. All vars got lost. Session file is still on server, but access impossible without cookie ID. Is there anyone way to change the client session cookie lifetime from "expired if browser closed" to maybe "current time plus 48h"? I could create a second beside the "wire" cookie to store things at client side. But all data will saved in client browser directly. The concept to identify via cookie but data always on server is better and more secure. And one cookie is better as two. Which alternative way would you prefer to store some vars for "guest" role users more persistent?
  21. I'm doing a custom login/register in the front end, and flash messages are really useful to inform the user about the process of user registration. I was used to using Codeigniter with their flash message system. I've seen very few messages in the forum where $session->message is used but I haven't seen a full implementation. I've tried my own with some degree of success, but the flash messages persist in a different way that I've expected. It's like there is a "delay". Maybe I'm doing something wrong. The header.inc has a standard notices loop: <?php if($notices) :?> <?php foreach($notices as $notice) :?> <?php $class = $notice->className(); ?> <div class="notification <?= $class; ?>"> <p><?= $notice->text ;?></p> </div> <?php endforeach ;?> <?php endif ;?> This is my register.php: When submitting the form with errors, the first time no error message are displayed. The second time I submit it with errors, then the error message appears. This is what I describe as the "delay". <?php include("./helpers/form_helpers.php"); /** * Register template * */ $out = ""; $errors = ""; // create a new form field (also field wrapper) $form = $modules->get("InputfieldForm"); $form->action = "./"; $form->method = "post"; $form->attr("id+name",'register-form'); // Name // $field = $modules->get("InputfieldText"); // $field->label = "Name"; // $field->attr('id+name','name'); // $field->required = 1; // $form->append($field); // append the field to the form // Email $field = $modules->get("InputfieldEmail"); $field->label = "E-Mail"; $field->attr('id+name','email'); $field->required = 1; $form->append($field); // append the field // Password $field = $modules->get("InputfieldPassword"); $field->label = __("Contraseña"); $field->attr("id+name","password"); $field->required = 1; $form->append($field); // Submit $submit = $modules->get("InputfieldSubmit"); $submit->attr("value",__('Crear cuenta')); $submit->attr("id+name","submit"); $submit->attr("class","btn btn--primary"); $form->append($submit); // Form submitted: process form if($input->post->submit) { // user submitted the form, process it and check for errors $form->processInput($input->post); // here is a good point for extra/custom validation and manipulate fields if($sanitizer->email($form->get("email")->value) != '') { // Email should be unique if(!isUniqueUserEmail($form->get("email")->value)){ $form->email->error(__("El e-mail ingresado ya se encuentra registrado")); } } if($form->getErrors()) { // the form is processed and populated but contains errors // Render Form $session->error(__('There are errors in the form')); $out .= $form->render(); } else { // Sanitize inputs //$full_name = $sanitizer->text($input->post->name); $email = $sanitizer->email($input->post->email); $password = $input->post->password; // Generate username from email $username = $sanitizer->email($input->post->email); // Create New User $u = new User(); $u->of(false); $u->name = $username; $u->pass = $password; $u->email = $email; $u->addRole("guest"); $u->addRole("member"); $u->save(); $u->of(true); // Create hash // Email the user with confirmation e-mail // Redirect to login page and display success Message $session->message(__('User registration sucessfull')); $session->redirect('/login'); } } else { // Form not submitted: render out form without processing $out .= $form->render(); } include("./partials/header.inc"); ?> <div class="container container--narrow"> <div class="page"> <h1>Nuevo usuario</h1> <?= $out ;?> </div><!-- .page --> </div><!-- .container --> <?php include("./partials/footer.inc"); ?> On a successful submission, the next page displays the correct message, but also the error message "There are errors in the form". It's like the error message get's carried over. I appreciate any help to sort this out.
  22. Hello all, I am using part of a PW install as a backend for a RESTful API. Everytime a client consumes the API, a session is started. The RESTful approach is sessionless per definition and I would like to avoid sessions, if possible, for performance reasons. When I look at the open sessions while only one client is getting or putting data through my REST API, I can see that there are quite a few (over 50) sessions open from that client. The project is at a testing stage right now and I'm afraid that once 50 or 100 clients are connected, the sessions will put a big load on the server. Is it advisable at all to try and avoid sessions? How would I go about killing sessions or, even better, connect to my API endpoints without starting a session in the first place?
  23. The $config->sessionExpireSeconds in config.php is set to 86400 but still I have to log in as admin after about 10 minutes of inactivity. Any other hidden corners where I should look to set this right? $config->sessionChallenge is set to true. $config->sessionFingerprint is set to false.
  24. Hi folks! In my current project I'm using ProcessWire v2.5 as pure backend service, including it in my frontend application as described here. Now I encountered some problems with the pw session handling interfering with the session handling of my frontend application. In this case the pw installation runs on a subdomain of my frontend application. Duplicate session_start() Each time I include pw's index.php pw tries to start it's own session, resulting in a notice that a session has already been started. To encounter this problem, I changed one row in Session::___init() (/ProcessWire/wire/core/Session.php): protected function ___init() { if (session_status() != PHP_SESSION_ACTIVE) @session_start(); } Session configuration override Additionally pw sets it's own session configuration and therefore overrides the config of my frontend application. To prevent this, I wrapped the session configuration block within the index.php (/ProcessWire/index.php, rows ~176ff) in a condition: if (session_status() != PHP_SESSION_ACTIVE) { session_name($config->sessionName); ini_set('session.use_cookies', true); ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds); if (ini_get('session.save_handler') == 'files') { if (ini_get('session.gc_probability') == 0) { // Some debian distros replace PHP's gc without fully implementing it, // which results in broken garbage collection if the save_path is set. // As a result, we avoid setting the save_path when this is detected. } else { ini_set("session.save_path", rtrim($config->paths->sessions, '/')); } } } This is surely a bad way to fix my problem, because I had to change some code within the pw core. If anybody knows a more elegant solution to prevent pw from starting/configuring a session if used vi include, it would be very welcome. regards, Wumbo
  25. I use the ProcessWire $session API for a new project to store some things there. Cart items, currency and more. It works fine and the limited lifetime of $sessions is OK, I defined just 3 days. There is only an issue with user $session->logout() to logout an user. It removes all items in user $session too. Website users are just "guest" or after login with role "customer". I see two options to solve my issue: I skip $session API and use instead PHP $_SESSION to keep all vars after $session->logout(). This make things more complicated and I would prefer to use PW API only. Anyone way to avoid the $session->logout() command. So that logout means remove the role "customer" temporary from user session, be only guest. Without $session->logout(). Mhhmmmm. Maybe I think wrong, ideas are welcome. BTW, I enjoy it to work with PW.