Welcome Guest, Not a member yet? Register   Sign In
Lost Session Data
#1

Hi I'm using CI 4.2.12 and the latest Myth Auth (modified) for user login.

My login script works OK and sets the session data as required. But when I redirect to another controller, all of the data in the session is removed.

Please note I've inserted and provided some logging info, to try and show exactly what is happening, along with my config and scripts.

Any help here is gratefully appreciated as I've spent hours trying to rectify this.

Many thanks.


Config/App setting
PHP Code:
public $sessionRegenerateDestroy false


The relevant part of my login script
PHP Code:
log_message('notice''[MYTH AUTH - session state after identifying user] {file}-{line}, '.print_r(session()->get(),true));
 
 if (! 
$this->auth->attempt([$type => $login'password' => $password], $remember)) {
     
     $redirectURL 
'logout';

     unset($_SESSION['redirect_url']); 

     return redirect($redirectURL)->to()->withInput()->with('error'$this->auth->error() ?? lang('Auth.badAttempt'));

 }else{
     session()->set(['db_conn'  => $active[0]['db_conn'], 'db_prefix'  => $active[0]['db_prefix'],]); 
 
     $redirectURL 'landing?con='.$active[0]['db_conn'].'&pre='.$active[0]['db_prefix'].'&action='.$uid;

     unset($_SESSION['redirect_url']);

     log_message('notice''[MYTH AUTH - session state after adding db_conn, db_prefix & logged in (added by AUTH->ATTEMPT)] {file}-{line}, '.print_r(session()->get(),true));

     return redirect()->to($redirectURL);
 } 


The first part of my redirected page
PHP Code:
<?php namespace App\Controllers;

//use CodeIgniter\Controller;
use App\Controllers\BaseController;


class 
Landing extends BaseController
{
 
 
     public function index() {
         log_message('notice''[LANDING - session state on page load, first line in controller index] {file}-{line}, '.print_r($this->session->get(),true));

         $data['lang'] = 'landing';
         $data['page_name'] = lang('landing.title');
 
         helper(['form''url']);
 
         $usr_g = new \App\Models\Sys_admin\User_groups;

         $userdataArray=$usr_g->getUserAndGroupById($this->session->get('logged_in')); 



And here is the log
Code:
INFO - 2023-02-15 10:34:29 --> Session: Class initialized using 'CodeIgniter\Session\Handlers\FileHandler' driver.
INFO - 2023-02-15 10:34:42 --> Session: Class initialized using 'CodeIgniter\Session\Handlers\FileHandler' driver.
NOTICE - 2023-02-15 10:34:42 --> [SUCCESS] APPPATH/ThirdParty/myth-auth/src/Models/BespokeUserModel.php-52, Retrieved User By ID  -
NOTICE - 2023-02-15 10:34:42 --> [SUCCESS] APPPATH/ThirdParty/myth-auth/src/Models/BespokeUserModel.php-52, Retrieved User By ID  -
INFO - 2023-02-15 10:34:45 --> Session: Class initialized using 'CodeIgniter\Session\Handlers\FileHandler' driver.
INFO - 2023-02-15 10:34:52 --> Session: Class initialized using 'CodeIgniter\Session\Handlers\FileHandler' driver.

NOTICE - 2023-02-15 10:34:52 --> [MYTH AUTH - session state after validate] APPPATH/ThirdParty/myth-auth/src/Controllers/AuthController.php-146, Array
(
    [__ci_last_regenerate] => 1676457292
)

NOTICE - 2023-02-15 10:34:52 --> [MYTH AUTH - session state after identifying user] APPPATH/ThirdParty/myth-auth/src/Controllers/AuthController.php-194, Array
(
    [__ci_last_regenerate] => 1676457292
)

NOTICE - 2023-02-15 10:34:52 --> [MYTH AUTH - session state after adding db_conn, db_prefix & logged in (added by AUTH->ATTEMPT)] APPPATH/ThirdParty/myth-auth/src/Controllers/AuthController.php-206, Array
(
    [__ci_last_regenerate] => 1676457292
    [logged_in] => 9
    [db_conn] => c_1
    [db_prefix] => de1
)

INFO - 2023-02-15 10:34:52 --> Session: Class initialized using 'CodeIgniter\Session\Handlers\FileHandler' driver.
NOTICE - 2023-02-15 10:34:52 --> [LANDING - session state on page load, first line in controller index] APPPATH/Controllers/Landing.php-12, Array
(
    [__ci_last_regenerate] => 1676457292
)
Reply
#2

[UPDATE]

It looks as though the last line in the login script is erasing the session data. IS THIS A KNOWN BUG?

PHP Code:
return redirect()->to($redirectURL); 


To work round this, I can included the session variables (that get erased),  in the redirect url.


PHP Code:
$redirectURL landing?logged_in=9&db_conn=c_1&db_prefix=de1 


Then add these values to the session in the target controller.

This seems to work OK for now, but I'm not sure of any security impliactions and whether this would be a recommended work around ?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB