Welcome Guest, Not a member yet? Register   Sign In
Myth:Auth
#11

Ahh, that was much easier than I expected. I was trying to use myth/auth/login, not realizing it was already routed.

Thanks!
Reply
#12

It is also the first place to check if you are new to Codeigntier 4 and want to learn from real world examples: validation, multilingual, error reporting in forms etc. Infact it answerers many posts in forum in self explaining way. 

Been waiting for this, thanks Lonnie!
Reply
#13

First of all a huge thank you to Lonnie for his fantastic work and sacrifice for the community and for the realization of Myth:Auth !!! Smile

I apologize if maybe I'm not writing in the right place, but I would have a doubt about the session management.
I would like that if the user closes the browser he loses access to the portal (it's a reserved portal) and at the next access he must authenticate himself; I would like that if, instead, he presses "remember me", then a cookie is kept and the user can come back the next day without logging in.
Currently on CI3 I use the CommunityAuth library and it works in this way.
I've been trying since yesterday with Myth:Auth, but it seems to me that the login is always remembered (even if you don't check the option); it expires only when the time set in App\Config sessionExpiration passes. In the same way, I tried to set sessionExpiration to 30 seconds, login with "remember me", close the browser, reopen it after 1 minute. And the session was not remembered.
Currently in CI4 I left the default FileHandler Driver set as sessionDriver (while on CI3 I save sessions in the database).. But I don't think this can change anything.
I tried to take a look at the source, but I gave up: as little as I understand, I can't find any obvious errors.

Has anyone had a chance to experience this behavior yet?
Do you have any suggestions?

Thank you all in advance!
Reply
#14

You need to set session expire to 0 then it will delete the session on web browser exit.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#15

(04-21-2020, 03:29 AM)InsiteFX Wrote: You need to set session expire to 0 then it will delete the session on web browser exit.

Thanks for your answer.
I have already tried this way: it works fine if I do not want "remember me". But it does not work like I expect when I use "remember me" in Myth:Auth.. When I close browser and reopen it, the user must sign in again.

I tried two computers, both Chrome and Firefox... I doubted if it could be something browser-related as well. Sessions have driven me crazy in the past, when I tried to handle them on my own.
Reply
#16

You might be able to try using a __deconstruct in your BaseController and
destroy the users session.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#17

(04-24-2020, 08:06 AM)InsiteFX Wrote: You might be able to try using a __deconstruct in your BaseController and
destroy the users session.

Thank you @InsiteFX for your new reply.
But forgive me if I don't think what you've pointed out might be a solution... Why should I destroy the session in the __deconstruct?
I think it is correct to set $sessionExpiration=0 in Config\App (this way if the browser is closed the session will be deleted, so the user is no longer logged in when the browser is opened again); the only problem is that there is something wrong with "remember me" option.
I analyzed a bit the source of Myth:Auth (even if I'm a bit incapable). There is a rememberUser function inside AuthenticationBase that is called when the user checks the "remember me" box; it saves a record in the DB (this works fine!); then it should save a "remember" cookie via HTTP Responses. But it seems that this cookie is not saved...! I see the ci_session cookie, but not the "remember". For this reason the check function inside LocalAuthenticator fails, not finding the "remember" cookie set.
I tried to set a cookie through a normal set_cookie (by calling the CI helper); if I do it inside Myth:Auth cookie is not saved; if I do it inside my Dashboard controller (which extends BaseController, in the namespace App\Controllers), I see the cookie save itself.

What I would like to understand is if it's possible that there is a small bug in saving this cookie, or maybe it's due to an error of mine in integrating the library in my project (even if everything else works perfectly) or to a configuration of mine.

I don't want to be rude to continue on this thread; if you think it's better to open a new one please tell me ;-)

Thank you for your patience.
Reply
#18

Did you set the Remember me in the auth config file to true?
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#19

(This post was last modified: 04-25-2020, 08:47 AM by destez.)

(04-25-2020, 08:21 AM)InsiteFX Wrote: Did you set the Remember me in the auth config file to true?

Yes, of course! Big Grin
I set $allowRemembering = true in /vendor/mythauth/src/Config/Auth.php...I am sure the setting working fine 'cause if I leave it to disabled the checkbox is not displayed. Also, I've done a little debug of library and, as I have sayed before, if I check "remember me" option the function rememberUser inside AuthenticationBase.php is loaded: it write the token inside auth_tokens table of DB, but it seems it does not save the cookie. In Firefox and Chrome developper tools I cannot see it.. And when I close and reopen browser (if I set CI to destroy user session) the function check inside LocalAuthenticator.php look for the cookie "remember", but cannot find it.

But, excuse me @InsiteFX, you use myth:auth library and "remember me" option works fine for you?  Huh

I forgot... A doubt that came to me yesterday.

Do I need to fix something within my Config/App cookie settings? I left everything by default... And the session cookie is correctly saved by CodeIgniter; in the same way if I create a cookie from my BaseController in the application namespace, it is created correctly.
But isn't it that maybe I need to set something else to make myth:auth save the cookie from its namespace?
Reply
#20

Another update.

I was investigate how HTTP Responses should work... And now I am able to let "remember me" to work, adding a
Code:
$response->send();
After setCookie into AuthenticationBase.php.

It seems strange to me that there might be a little bug in the myth:auth library, that is really good developed... And it seems even stranger to me that no one could have noticed it before me.
Anyway, I have opened an issue on GitHub and now I am waiting that contributors give me an answer.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB