FuelPHP Forums

tr3nx

After debugging this for hours I finally seem to have narrowed it down, but still don't know how to explain it. I first register an account using Auth::instance()->create_user();
Then save some other fields using ORM and save()
User gets an email with an activation code and when clicked activates the account and redirects them to the login page.
That all works perfectly. User then enters their information in username and password. In the login function I check that the account is active using ORM and if it is, I continue with the login. Doing Auth::instance()->login() and then setting more database things with another ORM.
That again is perfect. But when I check the Auth session in my cookie or database its gone, and if I then change the page from login, Auth::check() fails.
And when checking the database, the user that was just created still has 'null' for the login_hash and 0 for last_login, but other fields that I changed once I do a Auth::instance()->login() are changed to the correct value, things like ip address. So from what I have found during my many hours of debug was that it only happened on newly created accounts and only happens when I do an ORM query before Auth::instance()->login(). When I remove the ORM before the login it works perfectly, the session sticks around after page change. But there doesn't seem like there should be a reason to not allow this, almost like its a bug, or I could just be doing something wrong.
I cut a lot of the code just to show the pieces that don't work, code still works as I describe.

  if(Input::post())
  {
   $is_active = Model_Users::find()
    ->where('username', Input::post('username'))
    ->get_one();
    
   if(Auth::instance()->login(Input::post('username'), Input::post('password')))
   {
    $user = Model_Users::find()
     ->where('username', Input::post('username'))
     ->get_one();
     
    $user->last_ip_address = $user->ip_address;
    $user->ip_address = Input::real_ip();
    
    if($user->save())
    {       
     Session::set('user_id', $user->user_id);
     Session::set_flash('success', 'Logged in.');
     var_dump(Auth::check());  // returns true all the time
     //Response::redirect('list');
    }
   }
  }

When I comment out the $is_active it all works fine.
Also when uncommenting the redirect, the message of 'Logged in' shows, but when checking the session I'm not logged in.
So the Login() returns true and then removes the session but my custom session set of user_id is still there. Maybe I just don't understand something, but any help would be greatly appreciated.
I am willing to provide more code if you think it would help.

tr3nx

I recorded a demo to show this off better, including database shots to confirm things are working. I added the default core/config/session.php to my fresh install from my previous post and then edited it to use my database for session storage, which works. I also added an echo var_dump(Session::get()); to the welcome/index. But the problem still happens and the video will show it.
http://www.youtube.com/watch?v=SERndBn20P8 After making that, I tried using fuel-core-1.1 and using the same app code.
I was able to register users but whenever I would login it never actually login or create a session no matter how many times I did so.
But that could be for a number of reasons. Edit: Just tried adding the same $is_active line to my already existing 1.1 website and it works fine as it should no problems.

Harro

I'm clueless to why this can happen. There is no relation whatsoever between ORM and Session. Which version of Fuel are you on? Any migrations from previous versions on your existing app?

tr3nx

I'm clueless as well.
Using the latest 1.2.1 from fuelphp.com, and nothing migrated. I'm completely rewriting my website to include a bunch of new things like Restful controllers, so it's all fresh.
I also just tested a completely fresh install and still happens, I only changed the following: app/config/config.php

'index_file'  => false,

'packages'  => array(
 'orm',
 'auth',
),

app/config/db.php

return array(
 'active' => 'default',

 'default' => array(
  'type'           => 'mysqli',
  'connection'     => array(
   'hostname'       => 'localhost',
   'port'           => '3306',
   'database'       => 'newdatabase',
   'username'       => 'root',
   'password'       => 'pass',
   'persistent'     => false,
  ),
  'table_prefix'   => '',
  'charset'        => 'utf8',
  'caching'        => false,
  'profiling'      => false,
 ),
);

Then added the same login/register views and added three buttons and an Auth::check to app/views/welcome/index.php to show if it was working. And included my auth.php controller with a lot of the code cut. auth.php controller
http://scrp.at/bDa users.php model
http://scrp.at/bDb usersmetadata.php model
http://scrp.at/bDc Another thing to note is that after I login the first time, and it says that I did. if I login AGAIN it works fine, but I don't want my visiters to have to login twice...
I tried this with different browsers to see if cookies were the problem, and same issue.
I also tried using the database to store the session information, and again same issue.

Harro

So: You login the first time, you get the "Logged in" message and you are redirected to 'welcome/login'. But when you get there you're not. You go back to your logon page, login again, get the "Logged in" message again, are redirected, and this time it works? Have you dumped the session contents in welcome/index to see exactly what is stored when you get there? There was a bug in the Session class that wouldn't write the session if it contained only flash variables, but that was fixed 3 months ago, 1.2.1. should have that fix. Can you check in your browser if you have a session cookie, and if it is updated after every page request?

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.

Howdy, Stranger!

Categories

In this Discussion