How do I determine whether an active session exists, as well as retrieve details about the active session, without auto-starting the session?


fireundubh

Oct 22, 2015, 8:52:58 AM
to Fat-Free Framework
How do I determine whether an active session exists, as well as retrieve details about the active session, without auto-starting the session?

ikkez

Oct 22, 2015, 11:30:49 AM
to Fat-Free Framework
You cannot see if there is something in the session without starting the session. The session is auto-started when you try to check any key in it, like $f3->exists('SESSION.mykey');
When PHP executes session_start(), it'll check if you have sent a session cookie, then it'll check if that session id exists and is still valid (not expired) and extract the stored data to the $_SESSION global. If the session was not found, or expired, it'll create a new session, send the new session cookie, and the session data stays empty.

fireundubh

Oct 22, 2015, 6:48:40 PM
to Fat-Free Framework
So, with SQL sessions, what is the correct way to check if the user is logged in/out, get data about that user, and close the session?

er...@digital-garage.com.au

Oct 22, 2015, 6:58:40 PM
to fireundubh via Fat-Free Framework
You can use the Auth class (http://fatfreeframework.com/auth)
 
Then once you've authenticated the user and the full user record or part thereof to the session using $f3->set("SESSION.whatever");
 
You could then use the F3 beforeroute hook to check if the user details are set in the session and send the user off for authentication if they aren't.
 
Eric.

fireundubh

Oct 22, 2015, 9:57:36 PM
to Fat-Free Framework
I'm already using the Auth class. I can log the user in and then create a session, but I can't tie the session to the user.

How do I verify that the active session belongs to the logged in user?

How do I log the user out if the user clears his cookies?

I've been trying to get this working for two days now.

And, for some reason:

$this->f3->set('active_session_user', $user); // does not set
$this->f3->set('active_session_hash', md5($user)); // does not set
$this->f3->set('SESSION.user_hash', md5($user)); // sets

Getting auth/session working feels a lot harder than it should be.

er...@digital-garage.com.au

Oct 22, 2015, 11:42:57 PM
to fireundubh via Fat-Free Framework
To store stuff in the session you need to prefix it with SESSION.
 
So your active_session_user should be something like $f3->set("SESSION.user","blah");
 
F3's get and set deal with the session the same way as GET / POST / REQUEST, i.e. using dot notation (SESSION.user) will access the user element in the underlying $_SESSION in the same way as $f3->get("REQUEST.somevar") will access the underlying $_REQUEST... or, to be more correct, it will access F3's synced copy of the same.
 
Eric.

ikkez

Oct 23, 2015, 1:06:54 AM
to Fat-Free Framework
> How do I log the user out if the user clears his cookies?

When the user clears his cookies, he cannot return to his logged in state without logging in again or getting the cookie back somehow. The session in your database will stay there until it is expired because your server does not know that nobody has the session key anymore. When the session is expired and PHP's internal garbage collector is running, it'll clean your SQL session entries on its own. So all you need to do is to put something in the $_SESSION that helps you to identify your user. Usually something like this:

// login
$f3->set('SESSION.isLoggedIn', TRUE);
$f3->set('SESSION.user_id', $user->id);

// is logged in
function isLoggedIn() {
  $f3 = \Base::instance();
  return ($f3->exists('SESSION.isLoggedIn') && $f3->get('SESSION.isLoggedIn') == TRUE);
}

// get logged in user
function activeUser() {
  if ($this->isLoggedIn())
    return \Base::instance()->get('SESSION.user_id');
}
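
The following is an added example, not code from any poster in this thread. It combines the beforeroute check and the SESSION.user_id pattern described above with SQL-backed sessions, and also issues a fresh session id at login. It assumes F3 is installed via Composer, uses a constructed SQLite path, and relies on a hypothetical `users` table with `id`, `username` and `password` (password_hash() output) columns; the class and route names are hypothetical too.

```php
<?php
// Added example, not code from the thread. Assumptions: F3 installed via
// Composer; the SQLite path is constructed; a hypothetical `users` table
// has `id`, `username` and `password` (password_hash() output) columns.
require 'vendor/autoload.php';

$f3 = \Base::instance();
$db = new \DB\SQL('sqlite:' . __DIR__ . '/app.db');
$f3->set('DB', $db);
new \DB\SQL\Session($db); // store sessions in SQL instead of files

class Account {
    // F3 calls beforeroute() ahead of every handler in this class.
    function beforeroute(\Base $f3) {
        // Reading a SESSION.* key starts the session, as noted in the thread.
        if (!$f3->get('SESSION.user_id'))
            $f3->reroute('/login');
    }
    function dashboard(\Base $f3) {
        echo 'Logged in as user #' . (int) $f3->get('SESSION.user_id');
    }
}

class Login {
    function form(\Base $f3) {
        echo '<form method="post"><input name="username">'
           . '<input name="password" type="password"><button>Log in</button></form>';
    }
    function submit(\Base $f3) {
        $user = new \DB\SQL\Mapper($f3->get('DB'), 'users');
        $user->load(['username=?', $f3->get('POST.username')]);
        $ok = !$user->dry()
            && password_verify((string) $f3->get('POST.password'), $user->password);
        if (!$ok)
            return $f3->reroute('/login');
        $f3->set('SESSION.user_id', $user->id); // starts the session if needed
        session_regenerate_id(true); // fresh id after login (session fixation defence)
        $f3->reroute('/dashboard');
    }
    function logout(\Base $f3) {
        $f3->clear('SESSION'); // destroys the session and its cookie
        $f3->reroute('/login');
    }
}

$f3->route('GET /dashboard', 'Account->dashboard');
$f3->route('GET /login', 'Login->form');
$f3->route('POST /login', 'Login->submit');
$f3->route('POST /logout', 'Login->logout');
$f3->run();
```

A user who clears his cookies simply fails the beforeroute check on the next request and is sent back to /login; the orphaned row stays in the sessions table until it expires.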

fireundubh

Oct 23, 2015, 1:17:34 AM
to Fat-Free Framework
Thanks. I solved all of my problems! I can even resume garbage sessions after users manually clear cookies and log in again.