Jump to content

Hook to suppress setting of session cookie


Recommended Posts


part of my new project is providing a RESTful webservice through PW.

I am using clsource's REST Helper for ProcessWire which is working great.

For the REST service part of the site I would like to suppress the setting of session cookie for $session->login and $session->logout because I don't need sessions and I don't want to have Set-Cookie in my response header.

For user authentication in a PUT request I use $session->login() to verify username and password:

        $uId = $input->urlSegment1;

        $u = $users->get($uId);

        if ($session->login($u->name, $params["upass"])) {


//update user data

In the response header for that request I get:

Set-Cookie: wire=ha6io723mkfc9v4scdib3oe8g7; path=/; HttpOnly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=1n8faeiva3vg7u13ijsrs24bt1; path=/; HttpOnly wire_challenge=YK0WRw0Wrd2ZAhKEUCLPOHd9iSySEPb91; expires=Tue, 07-Apr-2015 14:11:24 GMT; path=/; httponly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=u9m41s8b87d3ca1jp1jbl0r6k3; path=/; HttpOnly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=oidcbmht561qnvts2fjnq4b7p3; path=/; HttpOnly persist=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/  

At the moment I get rid of it by doing 


But I would like to avoid setting of that cookie in the first place.

I found the relevant methods ___login and ___logout in /wire/core/Session.php

But searching Captain Hook for "logout" doesn't bring up those methods.

I assume they should be hookable because they start with 3 underscores.

Now how would I hook into those methods from my template file (not as an autoload module)?

The webservice endpoint url is .../api/users/ and my temlate file for that is users.php

What I've tried so far is

wire()->addHookBefore('Session::logout', null, 'logoutNoCookie');
function logoutNoCookie($event) {
	$event->replace = true;
	$sessionName = session_name();
	$_SESSION = array();
	// if(isset($_COOKIE[$sessionName])) setcookie($sessionName, '', time()-42000, '/'); 
	// if(isset($_COOKIE[$sessionName . "_challenge"])) setcookie($sessionName . "_challenge", '', time()-42000, '/'); 
	$_SESSION[$this->className()] = array();
	$user = $this->wire('user'); 
	$guest = $this->wire('users')->getGuestUser();
	$this->trackChange('logout', $user, $guest); 
	if($user) $this->logoutSuccess($user); 
	$event->return = $this; 


But this gives me an error:

Fatal error:  Using $this when not in object context

because I'm placing my hook function outside the class context.

What would be the correct way for calling the hook and placing my hook function?


Link to comment
Share on other sites

Normally using $this is for modules only.

Inside templates you should use wire() methods

you can also get the object via the $event var.

wire()->addHookBefore('Session::logout', null, 'logoutNoCookie');
function logoutNoCookie(HookEvent $event) {
   $hookObject = $event->object;

See also





Cheers :D

  • Like 2
Link to comment
Share on other sites

Thanks clsource!

This really helps me for better understanding the whole hooking thing in PW.

Instead of messing with cookies, I decided to better use token based authentication instead of sessions.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...