Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Odd problem with Auth, Multiple drivers and sessions
Hello folks. First thank you for maintaining this forum, the answers here have been invaluable to learning fuelphp.
completing the admin section, I decided to add another Auth driver to
the frontend. So now the app uses two Auth drivers: Simpleauth, and a
custom driver (really just a modified clone of simpleauth).
As per docs, I changed the Auth config to this:
'driver' => array('Simpleauth', 'Customauth'),
'verify_multiple_logins' => true,
'salt' => 'loremipsumloremipsum',
'iterations' => 10000,
On the admin side, the
Auth::instance('Simpleauth')->login() still works, but now when I
redirect to the admin main page and use
Auth::instance('Simpleauth')->check() it returns false.
After some digging, I found that the value for Session::get('username') won't stick
after the Response::redirect. The session values are good all the way
up to the point where the redirect happens, then it disappears.
Changing the Auth config back to a single driver fixed the problem with the Admin. But now I can't use multiple auth drivers.
seems the solution is to change the Auth config to
verify_multiple_logins' => false
" while keeping the multiple
drivers. I just wanted to share this scenario in case someone encounters a similar problem.
But please let me know if there is a better solution. Thanks!
verify_multiple_logins means it won't stop at the first driver that produces a hit, it will check all drivers. If your Customauth is a clone, that will probably login the user too.
So only use that when you have the same user in multiple backends, and you want the last driver to win.
thanks for your answer Harro. I checked the codes for Auth_Login_Simpleauth, on the perform_check() function, line 108-109. it deletes the session values for username and login_hash.
Is it possible that this may be causing the session values to disappear when the Auth performs multiple Auth::check() when the it has multiple drivers? So what happens is when the next driver tries to check logins the session values are gone, and thus returns false.
I may be reading this wrong, so if you could clarify pls. Thanks.
If both drivers use the same cookies, yes, absolutely.
got it. thanks harro.
Add a Comment
It looks like you're new here. If you want to get involved, click one of these buttons!
Apply for Membership
↳ Job Board
↳ Installation & Setup
↳ Tips and Tutorials
↳ Code share
In this Discussion