Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Odd problem with Auth, Multiple drivers and sessions
  • Hello folks. First thank you for maintaining this forum, the answers here have been invaluable to learning fuelphp.

    completing the admin section, I decided to add another Auth driver to
    the frontend. So now the app uses two Auth drivers: Simpleauth, and a
    custom driver (really just a modified clone of simpleauth).
    As per docs, I changed the Auth config to this:

    return array(
        'driver'                 => array('Simpleauth', 'Customauth'),
        'verify_multiple_logins' => true,
        'salt'                   => 'loremipsumloremipsum',
        'iterations'             => 10000,

    On the admin side, the
    Auth::instance('Simpleauth')->login() still works, but now when I
    redirect to the admin main page and use
    Auth::instance('Simpleauth')->check() it returns false.

    After some digging, I found that the value for Session::get('username') won't stick
    after the Response::redirect. The session values are good all the way
    up to the point where the redirect happens, then it disappears.

    Changing the Auth config back to a single driver fixed the problem with the Admin. But now I can't use multiple auth drivers.

    seems the solution is to change the Auth config to
    "'verify_multiple_logins' => false" while keeping the multiple
    drivers. I just wanted to share this scenario in case someone encounters a similar problem.

    But please let me know if there is a better solution. Thanks!

  • verify_multiple_logins means it won't stop at the first driver that produces a hit, it will check all drivers. If your Customauth is a clone, that will probably login the user too.

    So only use that when you have the same user in multiple backends, and you want the last driver to win.
  • thanks for your answer Harro. I checked the codes for Auth_Login_Simpleauth, on the perform_check() function, line 108-109. it deletes the session values for username and login_hash.

    Is it possible that this may be causing the session values to disappear when the Auth performs multiple Auth::check() when the it has multiple drivers? So what happens is when the next driver tries to check logins the session values are gone, and thus returns false.

    I may be reading this wrong, so if you could clarify pls. Thanks.
  • HarroHarro
    Accepted Answer
    If both drivers use the same cookies, yes, absolutely.
  • got it. thanks harro.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion