I'm trying to enable memcache for PHP sessions in my Yii application, but after enabling this memcache, Yii logout is not working.
    /**
     * Logs out the current user and redirect to homepage.
     */
    public function actionLogout()
    {
        Yii::app()->user->logout();
        $this->redirect(Yii::app()->homeUrl);
    }
Can anyone please help me with your valuable suggestions?
Related
I am nearly finished migrating an ASP.NET Core app from RC1 to 1.1.0. Everything is working great until I try to publish the app and host it in IIS.
In a debugger, or working directly from Kestrel, I have no problems. I can reach my site, login, and interact with it normally.
Under IIS, however, I can load the site and am correctly redirected to my login page, but despite logging in with the correct credentials, I am redirected back to the home page and am not logged in. I can repeat this cycle over and over - I am authenticating, but some part of the IIS/Core middleware isn't keeping me logged in.
My site is using ASP.NET Core Identity which is largely unchanged from the RC1 default VS project template.
AccountController:
    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        if (ModelState.IsValid)
        {
            var signInStatus = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, false);
            if (signInStatus.Succeeded)
                return RedirectToLocal(returnUrl);
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }
        // If we got this far, something failed, redisplay form
        return View(model);
    }
Unfortunately, I can't debug this, because the VS debugger hooks Kestrel, and when hosting natively from Kestrel this problem doesn't exist. I'm not able to attach my debugger to the running Kestrel process (that was launched by IIS) - I can get attached but my breakpoints will not attach.
I am certain that the method above is being called. If I enter an incorrect password, I do indeed see the "Invalid username and password" prompt. When I login "successfully", I am redirected to the original page. The problem is that after the redirect, I'm not logged in - the navbar still shows my Login button instead of the Logout button, and I can't interact with any authorized controllers.
I know this is a super vague question with little source, but I'm not sure where to even start with this one. I'm hoping someone might see what my problem is and point me in the right direction, or at least be able to suggest some steps I can take to isolate and try to debug the issue. Or, barring that, even some hints as to what information I can add to my question to give necessary details.
Thank you!
Two starting points you can try:
Install the latest Windows Server Hosting bundle on your server.
Monitor and compare traffic between the working and broken systems after you click the login button. Are you getting the Identity authentication cookie returned on the broken system similar to the working one?
Authenticate user by link (Laravel 5.3)
I'm trying to authenticate user when he follows a special link.
I find the user by the link parameters and authenticate him like this
Auth::loginUsingId($client->id);
After that Auth::user() returns the user I needed, that's all fine.
But when I'm trying to access the user's profile page it redirects me to /login.
If I log in in the browser using the same user's credentials I can see the profile page.
Seems that it doesn't save info to session.
What have I missed?
I have seen that if you output anything before Auth::attempt() (same as loginUsingId) it does not work. Make sure you have no echo statements, dd, print, or anything else before or after you attempt the login. But, this should work for you:
Say, for this example that your URL is somedomain.com/autoLogin?userid=1
    public function autoLogin(Request $request){
        $id = $request->userid;
        $user = Account::find($id);
        Auth::login($user);
    }
This will persist the session.
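A login link that carries only a user id can be followed by anyone who knows or guesses the id. As an added example (not part of the original answer, and plain PHP rather than a Laravel API), the link can carry an HMAC-signed, expiring token instead; the function names, the token layout and the secret are hypothetical.

```php
<?php
// Added example. makeLoginToken(), verifyLoginToken() and $secret are
// hypothetical names; requires PHP 7.1+ for the nullable return type.

/** Build "userId.expires.signature" to append to a one-click login link. */
function makeLoginToken(int $userId, int $expires, string $secret): string
{
    $payload = $userId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Return the user id if the token is authentic and unexpired, else null. */
function verifyLoginToken(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;                       // malformed token
    }
    list($userId, $expires, $sig) = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;                       // fields must be plain integers
    }
    $expected = hash_hmac('sha256', $userId . '.' . $expires, $secret);
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;                       // id or expiry was altered
    }
    if ((int) $expires < $now) {
        return null;                       // link is too old
    }
    return (int) $userId;
}

// Constructed sample values, for demonstration only.
$secret = 'constructed-demo-secret';
$now    = 1700000000;
$token  = makeLoginToken(1, $now + 900, $secret);

// Untampered token within its lifetime.
var_dump(verifyLoginToken($token, $secret, $now));
// Same signature with the user id changed.
var_dump(verifyLoginToken(preg_replace('/^1\./', '2.', $token), $secret, $now));
// Untampered token checked after it has expired.
var_dump(verifyLoginToken($token, $secret, $now + 901));
```

In the controller, Auth::loginUsingId() would then be called only with the id that verifyLoginToken() returns, and the request rejected when it returns null.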
I have used laravel auth scaffold in laravel 5.2
With this, I am able to access '/register' perfectly. Now, I am trying to put '/register' behind user login. Meaning, a user should be able to access '/register' only if they have logged in; otherwise it should redirect to the '/login' page.
NOTE: I have already created a few users, so there is no need to worry about how a user can log in without registering; I already have a few users and those are the only ones I need.
Can anyone help me with this, please?
I am able to get this done. Here's the way I followed:
In routes.php, add these lines:
    Route::auth(); // already there after laravel auth scaffold
    Route::group(array('middleware' => 'auth'), function () {
        Route::get('register', 'Auth\AuthController@showRegistrationForm');
        Route::post('register', 'Auth\AuthController@register');
    });
app/Http/Controllers/Auth/AuthController.php
Change from:
$this->middleware($this->guestMiddleware(), ['except' => 'logout']);
to:
$this->middleware($this->guestMiddleware(), ['except' => ['logout', 'showRegistrationForm', 'register']]);
And now, whenever I try to access /register without logging in as some existing user, it redirects me to the /login page. And if I log in and try to access the /register page, it shows me the register page, as I want it to.
Reference: Laravel 5 Auth Register After Login
I've got a Prestashop installation and when I try to login to the backend it reloads the page. I've tried to edit the following section in Cookie.php
    public function isLoggedBack()
    {
        Tools::displayAsDeprecated();
        /* Employee is valid only if it can be load and if cookie password is the same as database one */
        return ($this->id_employee
            && Validate::isUnsignedId($this->id_employee)
            && Employee::checkPassword((int)$this->id_employee, $this->passwd)
            //&& (!isset($this->_content['remote_addr']) || $this->_content['remote_addr'] == ip2long(Tools::getRemoteAddr()))
        );
    }
I've tried this in different web browsers with no luck.
Is there a proper solution available for this?
I have had the same problem at times, and it was solved by cleaning the browser cookies.
Hope that helps you.
We are using auth2.0 for Windows Azure Active Directory authentication, where authentication is performed on https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=...... and after successful authentication we are redirecting to our site.
To log out of the site, we delete all the cookies generated on our site and redirect to the login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=....... URL again, but this time we are not getting any login credentials screen and are redirected to our site with an access token. What process is required to log out? Because if we delete all cookies or close the browser and reopen it, the site works and redirects us to the login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=........ URL.
We are using the following code for the logout process:
    [NoCacheAttribute]
    public ActionResult LogOut()
    {
        UserCookieWrapper.delete_UserCookieWrapper();
        // This function deletes all the data members of the UserCookieWrapper class
        string[] theCookies =
            System.IO.Directory.GetFiles(Environment.GetFolderPath(
                Environment.SpecialFolder.Cookies));
        foreach (string currentFile in theCookies)
        {
            try
            {
                System.IO.File.Delete(currentFile);
            }
            catch (Exception objEx) { }
        }
        Response.Clear();
        return RedirectToAction("Index", "Login");
    }
Clearing cookies you've created will not help you, since the user is still signed in with Azure AD. This is how Web-SSO (Single-Sign-On) works. Regardless of the protocol you use to authenticate with Azure AD, you still need to implement the Sign Out properly - a federated Sign Out! This is the case with any web-sso provider you will find on the internet - Google, Facebook, LinkedIn, Twitter, you name it.
What you do is just signing user out of your Application, not from the identity provider. Once your application redirects the user to the selected identity provider (in your case AAD), if the user has an active session with it, one will not see login screen!
In order to properly implement federated sign-out, you have to read through the Implementing SSO with Azure Active Directory. You can fast forward to the "Implementing Sign Out Controller" step. Which will show a code like this:
    public void SignOut()
    {
        WsFederationConfiguration fc =
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;
        string request = System.Web.HttpContext.Current.Request.Url.ToString();
        string wreply = request.Substring(0, request.Length - 7);
        SignOutRequestMessage soMessage =
            new SignOutRequestMessage(new Uri(fc.Issuer), wreply);
        soMessage.SetParameter("wtrealm", fc.Realm);
        FederatedAuthentication.SessionAuthenticationModule.SignOut();
        Response.Redirect(soMessage.WriteQueryString());
    }
Please read through the entire section (better the entire article) to understand what the code does and why you have to go this way.