I am using the version TYPO3 9.5.13. If a user is doing a successful login, I store the user data in the controller. If the user comes back from any view to the same controller, the user information, saved in the controller before, are gone. So it seems, that every time the user comes back to the controller a new instance of controller will be opened. PHP globals in TYPO3 are not working.
Therefore I am looking for a way, to have some data always available in the ncontroller. The extension is my own, as well the templates and the views. So if neccessary, I can make any changes.
The only way I currently see, is to send the user data to the views and from the views back to the controller. But that is not easy possible for all my views and also not a elegant way to do.
Do you have any suggestions? Thanks for your support!
You should store your user data in a session variable. this data can be acceessed globaly and TYPO3 will manage it for you. it is available for each request of the client, until he logs out or ends his session (terminate browser, ...)
Thank to Bernd, I found a solution:
$GLOBALS['TSFE']->fe_user->setkey('ses','user',$Setup);
$GLOBALS['TSFE']->storeSessionData();
I stored an array under user. Important is the second line, to store the Session data.
With the below instruction I read it into an array.
$user['user'] = $GLOBALS['TSFE']->fe_user->getKey("ses", "user" );
It is possible to store several variables und of course to change the name user.
You can clear, if you write NULL to it:
$GLOBALS['TSFE']->fe_user->setkey('ses', 'user', NULL);
$GLOBALS['TSFE']->storeSessionData();
Related
I am messing around making an app in grails. At this point I have already made a login view and the controller. How its working is I got a service which queries my db for the credentials and then if they are valid proceeds to the main screen as shown below. Now I need to add a session to it so that you cant bypass the login. Keep in mind I got no Domain classes because all I need Im querying the database.
This is how the controller works rn:
The login service is basically a firstrow query.
It isn't clear what you really need but in your controller is a variable named session which you can interact with as a Map and do things like session.isLoggedIn = true or if(session.isLoggedIn) { ... } etc. You probably shouldn't do that sort of thing in your app though. You should consider something like https://grails-plugins.github.io/grails-spring-security-core/.
When I run a Sails app from a browser tab I get a unique session in which you can store authentication information. If you start the same application in a different browser tab, the session is identical and is therefore already authenticated. Although useful, I don't want that. I want each browser tab to have a completely unique session. Is this possible and if so, how? How is the sails.sid generated? I thought maybe I could generate a unique secret but of course the time my code gets a look in it is too late.
Obviously I don't have to use req.session at all, and generate my own unique identifier and store for each tab, but want to make use of standard sessions if I can.
You can't have a unique session for each tab in the same browser instance.
The way the session works is not suitable for what you want to achieve.
One solution is to use a socket to identify the tab. Caution, you can not reload the page, cause every time you will get a new socket.
You need dirty hack here.
Every tab has their unique socketId,
So you can use this socketId as a sessionId.
beforeConnect() handle logic for socketId = sessionId & store it somewhere if needed.
afterDisconnect() handle logic for remove session from storage.
NOTE: Tab refresh create new session always because refresh means open
new tab within current tab itself.
Lately I've been using cURL to post data back from a custom Magento controller to a custom page on the same website.
However, the way I do it somehow breaks Magento's log in data. So I've tried another way. Magento has cURL functionality built into it (Varien_Http_Adapter_Curl).
I've tried to Post through this, but so far it has been over my head and documentation on the web is fairly sparse. I need help with this. I've got a string with all the $_POST data ready to go. Please can someone tell me how to send it?
This:
$url="<URL>";
$curl = new Varien_Http_Adapter_Curl;
$curl->setConfig(array('timeout' => 15));
$curl->write(Zend_Http_Client::POST,$url, '1.1', array(), $poststring);
$result = $curl->read();
$curl->close();
...isn't sending data .
Edit:
I've tried the non-Magento cURL, but didn't know about session Data. I still have no Idea how to send session data, either.
Now, I've tried session variables, but the result is that I can set and extract data on one page, but when changing pages the data is lost. So, this can't be used currently between the controller and view.
better you can use the magento sessions
http://magento-rohan.blogspot.in/2012/03/magento-get-set-unset-session.html
here is this how to use it
You need to give us more information about what are you trying to achieve. Basically you need to tell us where are you sending POST request to? Perhaps another Magento instance or even same Magento website? Are you expecting user to have same session it is having now? Once you give us more info I will edit my answer. For now I will try to guess what is bothering you based on the input you gave.
When you are submitting POST request with curl from server side, that means that user is no longer interacting with the "page" you are trying to submit post request to.
If user is not interacting with it, that means it is not sending user session information.
Basically it looks like this:
Normally
Eric ->(Request with session info)-> Server (Oh it's you Eric, here is
the response just for you)
What are you trying to do
Eric ->(Request with session info)-> Server ->(Request without session
info)-> Server (This server doesn't know about Eric)
So to implement this correctly, if I am good at assuming what is your problem, just pass session information to the second server along with your request.
I will add more info if you tell me I am on the good track of understanding your problem.
---UPDATE---
You didn't explain your situation well. I am telling you this because your whole approach with the cURL may be bad decision from the start. For example, if you are trying to execute code in the same Magento codebase and that code is trapped inside some controller, perhaps you can refactor your code and encapsulate that logic inside some model and execute it directly.
But here is the example of passing session information over curl in plain php:
$strCookie = 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/';
curl_setopt( $curl, CURLOPT_COOKIE, $strCookie );
Cookie should perhaps be called "frontend" in Magento. And I checked Varien_Http_Adapter_Curl it doesn't have any method for seting CURLOPT_COOKIE option so I suggest you go with plain curl setup. You also have an option to extend adapter and add that option by your self. Just override "_applyConfig" method.
I'm rendering a common Log-In form using Html.RenderAction, on every page of my site.
If the user enters their details into the text-box and clicks 'Submit', it does a POST to a controller that handles the log in.
If they make a mistake, such as entering an invalid email address, it will populate the ModelState with an error message and then redirect back to whatever page they were on before.
The problem is, because RenderAction occurs as a separate request, I'm losing the ViewModel.
Even when I put it into TempData it gets lost, since TempData is flushed on each separate request.
Is there a way of preserving data between consecutive Html.RenderAction calls?
If not, any suggestions on how I might be able to hack this? (Should put the data in Session?)
Here's what I've done for the time being. (This probably isn't the most ideal solution.)
I created a 'PreserveViewDataAttribute', which I put on any action for which I want to preserve the ViewData in the session.
In my BaseController, I overrode the 'Redirect' method with my own method, which does the following.
Gets a reference to the Action method that called it (a bit of reflection here)
Checks if this method has the 'PreserveViewDataAttribute' defined on it
If it does, copies the current ViewData to a Session variable. (The label of the variable is the same as the current action name, with '_ViewData' tacked onto the end.)
In either case, calls the base Redirect method.
Then I created a property in the BaseController called 'PreservedViewData', which returns the ViewData in session, relevant to the current action. (Or returns null if not found).
Thus, to preserve ViewData as long as I want, I need only decorate my action with 'PreserveViewDataAttribute', and then call 'PreservedViewData' whenever I need it.
Let me know if you want the source-code to this.
You might like this Post-Redirect-Get section's approach by Kazi Rashid.
http://weblogs.asp.net/rashid/archive/2009/04/01/asp-net-mvc-best-practices-part-1.aspx#prg
I'm writing a Catalyst application that's required to have a fairly short session expiration (15 minutes). I'm using the standard Catalyst framework authentication modules, so the user data is stored in the session -- i.e., when your session expires, you get logged out.
Many of the uses of this application will require >15 minutes to complete, so users will frequently submit a form only to find their session state is gone and they're required to log back in.
If this happens I want to preserve the original form submission, and if they log in successfully, continue on and carry out the form submission just as if the session had not expired.
I've got the authentication stuff being handled by an auto() method in the controller -- if you request an action that requires authentication and you're not currently logged in, you get redirected to the login() method, which displays the login form and then processes it once it's submitted. It seems like it should be possible to store the request and any form parameters when the auto method redirects to the login(), and then pull them back out if the login() succeeds -- but I'm not entirely sure of the best way to grab or store this information in a generic/standard/reusable way. (I'm figuring on storing it in the session and then deleting it once it's pulled back out; if that seems like a bad idea, that's something else to address.)
Is there a standard "best practices" or cookbook way to do this?
(One wrinkle: these forms are being submitted via POST.)
I can't help thinking that there's a fundamental flaw in mandating a 15 minute timeout in an app that routinely requires >15 minutes between actions.
Be that as it may, I would look at over-riding the Catalyst::Plugin::Session->delete_session method so that any contents of $c->request->body_parameters are serialised and saved (presumably to the database) for later recovery. You would probably want some rudimentary check of the POST arguments to ensure they're what you're expecting.
Similarly, create_session needs to take responsibility for pulling this data back out of the database and making it available to the original form action.
It does seem like a messy situation, and I'm inclined to repeat my first sentence...
UPDATE:
Whether you use delete_session or auto, the paradoxical issue remains: you can't store this info in the session because the time-out event will destroy the session. You've got to store it somewhere more permanent so it survives the session re-initialization. Catalyst::Plugin::Session itself is using Storable, and you should be able to with something along these lines:
use Storable;
...
sub auto {
...
unless (...) { #ie don't do this if processing the login action
my $formitems = freeze $c->request->body_parameters;
my $freezer = $rs->update_or_create(
{user => $c->user, formitems => $formitems} );
# Don't quote me on the exact syntax, I don't use DBIx::Class
}
...
my $formitems = $c->request->body_parameters
|| thaw $rs->find({$user => $c->user})->formitems
|| {} ;
# use formitems instead of $c->request->body_parameters from here on in
The underlying table probably has (user CHAR(x), formitems TEXT) or similar. Perhaps a timestamp so that nothing too stale gets recovered. You might also want to store the action you were processing, to be sure the retrieved form items belong to the right form. You know the issues for your app better than me.
I would store the form data as some sort of per user data in the model.
Catalyst::Plugin::Session::PerUser is one way of doing that (albeit somewhat hackishly). I would reccomend using the session plugin only for authentication and storing all the state info in the model that stores your user data instead.
And I totally agree with RET's opinion that the 15 minute limit seems really counter productive in this context.
I came across this whilst searching CPAN for something entirely unrelated.
Catalyst::Plugin::Wizard purports to do exactly what you need. The documentation suggests it can redirect to a login page whilst retaining the state of the previous action.
NB: I haven't used it, so can't vouch for its effectiveness.
In the end, we ended up grabbing the pending request (URL+params) in the auto(), serializing and encrypting it, and passing it via a hidden form element on the login page. If we got a login request with the hidden element populated, we decrypted and deserialized it and then redirected appropriately (making sure to pass through the standard "can this user do this thing" code paths).
You could always have some javascript on the client that keeps the session from expiring by making a small request every few minutes.
Or you could have AJAX check for an active session before posting the form and presenting the user with a new login box at that time if needed.