Jump to content

User logout/role switch without lost all $session vars possible?


skeltern
 Share

Recommended Posts

I use the ProcessWire $session API for a new project to store some things there. Cart items, currency and more. It works fine and the limited lifetime of $sessions is OK, I defined just 3 days. There is only an issue with user $session->logout() to logout an user. It removes all items in user $session too. Website users are just "guest" or after login with role "customer". I see two options to solve my issue:

  1. I skip $session API and use instead PHP $_SESSION to keep all vars after $session->logout(). This make things more complicated and I would prefer to use PW API only.
  2. Anyone way to avoid the $session->logout() command. So that logout means remove the role "customer" temporary from user session, be only guest. Without $session->logout(). Mhhmmmm.

Maybe I think wrong, ideas are welcome. BTW, I enjoy it to work with PW. ;)

Link to comment
Share on other sites

OK, I found a solution for my topic. I copy just all $session values to a bypass array, clean up this array from user related data "_user" and push my stored values back to the new session. I think only the $session key "_user" contains sensible data? In sum, user is after logout "guest" again, but my $session vars got not lost...

    # COPY SESSION VARS
    $session_bypass = $session->getAll();

    # LOGOUT USER / RESET SESSION
    if ($user->isLoggedin()) {
        $session->logout();
    }

    # REMOVE USER DATA FROM SESSION COPY > DELETE KEY "_user"
    if (array_key_exists ("_user", $session_bypass)) {
        unset ($session_bypass["_user"]);
    }

    # RESTORE SESSION WITHOUT "_user" KEY
    foreach ($session_bypass as $key => $value) {
        $session->set($key, $value);
    }
  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By theoretic
      Hi guys and ladies! And thanks for Processwire!
      It appears i've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a page having a template with this option filled, a redirect will occur if user is not logged in and/or has insufficient access rights.
      I like to hook PW events. In one of my current projects i decided to write an addHookBefore('Session::redirect', ...) which should store the page we are being redirected from. With "regular" redirects like $session->redirect('/somewhere/') this hook works like a charm. But it was strange to see that it doesn't work with the template-settings-based redirect.
      I'm too dumb to dive deep inside PW and to examine the whole PW session mechanism. But it could be rather logical if ANY redirect ( no matter template-settings-based or using $session->redirect() ) could be hooked in the same manner.
      Okay okay i can forget about template-settings-based redirect and write my own. Just a couple of lines of code, and it works. But it's less elegant than hooking the template-settings-based redirects.
      So am i missing something? It this behavior a bug, or is it intended by PW team? Thanks in advance for any comment!
    • By fliwire
      Hi, after redirect to payment page processwire session lost because of samesite cookies changed default to "lax".

      https://web.dev/samesite-cookies-explained/

      tried to hook session::init but not works ?
      $wire->addHookBefore("Session::init", function (HookEvent $event) { ini_set('session.cookie_samesite', 'None'); session_set_cookie_params(['samesite' => 'None']); });

      set by htaccess works
       
      <ifmodule mod_headers.c> Header always edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure </ifmodule>  
    • By spercy16
      After doing a Google search for the issue I saw several previous posts mentioning this same issue but cannot figure out how to fix it and shouldn't have to spend a half hour trying to. ProcessWire frequently logs out of the admin area after less than five minutes. It shouldn't time-out ever, and if someone wanted that option for security reasons they should be able to enable it through the settings in their admin panel. In addition to it not being the default setting, users also shouldn't need to edit your config files manually to change these kinds of settings. Please fix the major issue in a future release. It's absured imho that developers don't realize the inconvenience it places on other people if they have to login every time they switch back to that page. It has also logged me out without warning without any visual que that it did so. If someone was working on paragraphs of content they could easily lose their work do to this bug as well... Please don't refer me to a forum with a dozen possible solutions to the issue and fix it yourselves. I'm sick of looking at them. It's your job to troubleshoot your software, not your users!
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
      //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a  200.... I guess this is where my problem is; but why?
       
       
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
       
×
×
  • Create New...