Not working properly: logged_in() about ag-auth HOT 12 CLOSED

There's a massive oversight on my part, I hadn't loaded the auth helper in the MY_Controller file. It should be fixed now, I'll leave this open just in case though.

Fixed in master branch.

Thanks.

from ag-auth.

Cool, I have some changes to push to help this all out, I don't know but you've probably done it on a local branch.

Hope it helps though!

from ag-auth.

Hi Adam, I've applied the fixes to my own, and I'm still getting odd behavior with sessions.

It seems that the first visit to the page (/login) creates a session. Logging in creates a new session. The redirect to the dashboard creates a new session. The dashboard check in the admin controller can't se the logged in session as the new one has taken over and therefore redirects to login again.

The single process is causing three sessions the first time, with the user details in the second one, and then two new ones per login attempt after that, the first always having the details.

I wonder what is causing this?

from ag-auth.

This is extremely odd and I can't think why multiple session would be created. Are you using an extended session libraries?

from ag-auth.

No, it' just pure CI2 ore and your auth files. Would it have anything to do with the config settings for cookies, csrf, xss etc?

from ag-auth.

It shouldn't do. Since it's just the CI Session library. How are you checking to see that a different session is being created each time?

from ag-auth.

I'm just looking directly in the DB for now.

Is it just the AG_Auth class that handles sessions?

from ag-auth.

Yes just that file…in the login_user() function.

from ag-auth.

I'm really confused here now.

I've dumped out data to screen to see what was what and I've definitely confirmed what I discovered earlier. The login page creates a cookie/session as default by CI, logging in creates another cookie/session and processes all the userdata, then when the redirect occurs back through the admin controller, another cookie/session is created. I really don't know what's happening here, and Googling around hasn't helped any either.

from ag-auth.

It seems that the cookie/session's created by default CI are persistent, and remain continuously until I interact with the login, where the cookie is replaced and then replaced again by CI on redirect to a page that has no cookie/session interaction (apart from the login check, but by then the cookie has been replaced)

from ag-auth.

That's extremely odd. I'll take a look at it tomorrow when I'm not so tired.

from ag-auth.

Adam, don't worry about it now, the fix was to do with CI version > 2.02 needing alterations to the ci_sessions table.

CREATE INDEX last_activity_idx ON ci_sessions(last_activity); ALTER TABLE ci_sessions MODIFY user_agent VARCHAR(120);

I'll add this to the SQL today.

There are a couple more fixes to do with user management, but I'll work on that later.

from ag-auth.