Critical error Shield session info
#1

(This post was last modified: 02-15-2023, 08:44 PM by darrenfauth.)

Can someone help me better understand what is happening here? This is triggering the "Whoops....." page on the production site. The whole site uses authentication with Shield. Here are the error log details:

CRITICAL - 2023-02-15 19:26:41 --> The user has User Info in Session, so already logged in or in pending login state. If a logged in user logs in again with other account, the session data of the previous user will be used as the new user. Fix your code to prevent users from logging in without logging out or delete the session data. user_id: 123456
in VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php on line 628.
1 VENDORPATH/codeigniter4/shield/src/Authentication/Authenticators/Session.php(161): CodeIgniter\Shield\Authentication\Authenticators\Session->startLogin(Object(CodeIgniter\Shield\Entities\User))
2 VENDORPATH/codeigniter4/shield/src/Controllers/LoginController.php(62): CodeIgniter\Shield\Authentication\Authenticators\Session->attempt([...])
3 SYSTEMPATH/CodeIgniter.php(925): CodeIgniter\Shield\Controllers\LoginController->loginAction()
4 SYSTEMPATH/CodeIgniter.php(480): CodeIgniter\CodeIgniter->runController(Object(CodeIgniter\Shield\Controllers\LoginController))
5 SYSTEMPATH/CodeIgniter.php(349): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
6 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run()

I know it says: "Fix your code to prevent users from logging in without logging out or delete the session data."
But I don't know how that is happening. The site has a few pages that are accessible by all, but the authenticated section is only accessed through the login form, unless the user is logged in. I am using the 'remember me' option. Also, filters on all the internal pages. So, a user shouldn't even see the login form unless they were logged out.
I'd appreciate any insight. Thanks
#2

(This post was last modified: 02-15-2023, 10:31 PM by luckmoshy.)

This happens if your first app was logged in with the same user session, which was not cleared. What to do is make sure that you clear or destroy the first session, which was used and not destroyed.
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals

#3

(This post was last modified: 02-16-2023, 07:42 AM by darrenfauth.)

(02-15-2023, 10:27 PM) luckmoshy wrote: This happens if your first app was logged in with the same user session, which was not cleared. What to do is make sure that you clear or destroy the first session, which was used and not destroyed.


Thank you! Sessions have always been a little 'black boxy' to me. Bear with me here...
When a user closes the browser or leaves the site, I need to destroy the session? I've never done that before (which is probably why I have session files that become a massive pile in the session folder over time).
I see the docs on destroying a session when logging out: https://codeigniter.com/user_guide/libra...-a-session
The majority of the users will not log out on my site because they don't want to log back in (I use Shield and have remember me active).

I'm reading more in the docs on sessions right now - so I may continue to edit this reply as I read more.

- Added after more reading
I see in Config/Session.php

/**
 * Session Expiration
 *
 * The number of SECONDS you want the session to last.
 * Setting to 0 (zero) means expire when the browser is closed.
 */
public int $expiration = 7200;

So, if I set this to 0 then I remedy the CRITICAL ERROR?
But, then I need to destroy those sessions routinely as well, right? Garbage collector? (again, something I've heard of but never messed around with)
Am I on the right track? Any suggestions to add?

Thanks
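The error in the first post is raised when a login attempt reaches Shield's Session authenticator while the session already holds user info. One way to guard the login form submission is sketched below as an added example; it is not code from this thread or from the Shield project. The class name `BlockReLogin`, its use on the `login` route, and the decision to delete leftover user info when the user is not logged in are assumptions.

```php
<?php

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

/**
 * Hypothetical filter (the class name is an assumption) for the login route.
 * It keeps a login attempt from reaching Shield's Session authenticator while
 * the session still carries user info from an earlier login.
 */
class BlockReLogin implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // Only the form submission matters; GET /login is left alone.
        if (strtolower($request->getMethod()) !== 'post') {
            return;
        }

        helper('auth'); // makes auth() available if it is not autoloaded

        // Session key under which Shield stores user info ('user' by default).
        $field = config('Auth')->sessionConfig['field'] ?? 'user';

        if (! session()->has($field)) {
            return; // clean session: let the normal login run
        }

        if (auth('session')->loggedIn()) {
            // Already authenticated (second tab, back button, stale form):
            // send the user on instead of logging in on top of the session.
            return redirect()->to(config('Auth')->loginRedirect());
        }

        // User info is present but the user is not logged in (pending or
        // leftover state): delete it, as the error message suggests.
        session()->remove($field);
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do after the controller runs.
    }
}
```

Register the class under an alias in app/Config/Filters.php and apply it to the login route. The filter does not change session expiration or garbage collection.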