Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Session will not persist
  • I had looked into the SimpleAuth driver, but I need something a little bit more advanced than what the driver provides.  No matter what I try, I can not get the session to persist.  When a user logs in and does NOT choose remember me, the default config from fuel/core/classes/session.php should be used (3 hour expiration time, session end on browser close).  If they DO choose remember me, the expiration time should be set to one week and the session should not end on browser close.  If I check the box and close the browser and return to the site, it shows I am logged out even though the cookie is still there.  HELP!

  • What "advanced" stuff do you need? To be honest, I only see some very complicated stuff in this controller that Simpleauth does out of the box.

    You also have to be very careful with changing the session settings at runtime. The problem you probably have is that the session is loaded with default expiration values. So as soon as you start your browser, the session starts, reads the cookie, and expires it immediately.

    To implement remember-me functionality, it's better to create a second session, using cookie based sessions, with a long expiration, and store the user_id in it. Using that id, you can call Auth::force_login() to log that user in again if you detect the default session doesn't give you a logged-in user.
  • I don't know how many extra columns I'll have on the user table, so I feel like it's far more efficient to have additional columns for each additional field I need rather than storing them all in a single column.  Also, I am performing certain actions (forgot password mainly) that are a bit complicated with SimpleAuth unless the user is logged in.
  • You might want to switch to Ormauth in 1.6. It uses an EAV container for user meta data, so you can add an unlimited amount of additional fields. In SimpleAuth, you're supposed to put them in profile_fields, which is a serialized array, useful but less handy if you need to search on values.

    There are further additions on the roadmap for auth, including "reset password" and  "remember me" functionality, and additional login drivers.
  • I've just pushed 'remember-me' functionality to the 1.7/develop branch of the Auth repository.

    You can just switch the Auth package in your application to this branch to use it. See http://fuelphp.com/dev-docs/packages/auth/simpleauth/usage.html#/method_remember_me for an example on how to use it.

    Once enabled Auth::check() will automatically pick it up, no further coding needed.
  • Awesome!!  I'll give it a shot and let you know!  I thought I heard mention that you guys are phasing out ORM in 2.x though, so will I lose ORMAuth if I eventually upgrade??
  • Hi Harro Verton, the remember-me functionnality in 1.7/develop is safe ?

    This feature will be in the 1.7/master ?
  • Yes, it uses a custom session, which all security features implemented for sessions.

    And it's currently released, as part of 1.6.1.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion