fuel/auth

Bug with dont_remember_me()

Closed this issue · 8 comments

Auth::dont_remember_me(); is not working on localhost (wampserver).

I can see rmcookie in browser cookie even after calling Auth::dont_remember_me().

I tried this #75

So you switched to 1.8/develop? And that didn't fix it?

Yes, I switched to 1.8/develop. I have called Auth::dont_remember_me() when I am doing logout.

On login page if I check or not the "Remember me" checkbox, I'm always remembered (to verify it, I turn off and turn on Firefox with both check and not check condition).

If the cookie is not removed, I wonder if you have a valid session instance. If you do a Debug::dump(Auth::instance());, what is the value of the remember_me property?

I get this

   protected remember_me (Object #26): Fuel\Core\Session_Cookie ↵

        protected _defaults (Array, 1 element) ↵
             cookie_name (String): "fuelcid" (7 characters)
        protected config (Array, 18 elements) ↵
             driver (String): "cookie" (6 characters)
             match_ip (Boolean): false
             match_ua (Boolean): true
             cookie_domain (String): "" (0 characters)
             cookie_path (String): "/" (1 characters)
             cookie_http_only (Boolean): false
             encrypt_cookie (Boolean): true
             expire_on_close (Boolean): false
             expiration_time (Integer): 2678400
             rotation_time (Integer): 300
             flash_id (String): "flash" (5 characters)
             flash_auto_expire (Boolean): true
             flash_expire_after_get (Boolean): true
             post_cookie_name (String): "" (0 characters)
             auto_initialize (Boolean): true
             header_header_name (String): "Session-Id" (10 characters)
             enable_cookie (Boolean): true
             cookie_name (String): "rmcookie" (8 characters)
        protected keys (Array, 6 elements) ↵
             session_id (String): "8da9588201646aefd6ca8221542b180c" (32 characters)
             ip_hash (String): "4869e012aa045958bdf5c461577cf02d" (32 characters)
             user_agent (String): "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0" (72 characters)
             created (Integer): 1393593149
             updated (Integer): 1393593149
             payload (String): "" (0 characters)
        protected data (Array, 0 elements)
        protected flash (Array, 0 elements)
        protected time (Object #27): Fuel\Core\Date ↵

            protected server_gmt_offset (Integer): 0
            public display_timezone (String): "UTC" (3 characters)
            protected timestamp (Integer): 1393593149
            protected timezone (String): "UTC" (3 characters)

when I do

Debug::dump(Auth::instance());

Looks ok, so you have a valid session instance, and it's configured correctly. So the problem is not in Auth.

It could also be a config issue, and/or an issue with your browser. "localhost" is not a valid hostname according to the RFCs, and most modern browsers (Chrome for example) will not accept it anymore. Given the fact the cookie is created, that is probably not the issue in this case.

I personally never use "localhost" to avoid issues, but create "websitename.local" addresses in my hosts file, and use those in my virtualhost definitions.

Also, is there a redirect after attempting to remove the cookie? Fuel only sends out cookies during the framework shutdown, after all output has been sent out. Some browsers, when they see a redirect, discard all other data and redirect immediately, which causes the cookie deletion to get lost.

I verified that Auth::dont_remember_me(); worked when I removed Response::redirect_back(); and it removed rmcookie. But when I am visiting any other page after that, I can see rmcookie in the browser again. This does not log the user in again.

And I manually removed rmcookie; after that I turned the browser off and on and found the user was logged in and rmcookie appeared again.

As the redirect is preventing cookie removal, how can I redirect the user after logout?

If you have remember me active, the rmcookie will always be created if it doesn't exist. The mechanism is driven by the Session class, and that will always create a cookie, whether or not there is a payload.

As to your redirect issue, that is a browser problem, not a Fuel problem. Some browsers will, to give the user the illusion of speed, abort processing the page data when they see a "Location: " header in the HTTP response. IE is a notorious example. This means that if the "Cookie:" header is after that line, it is discarded by the browser, and since Fuel processes session closure when the page request is finished, it is always after the redirect header.

Closed due to no response.
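One way to check what the thread argues about, namely whether a logout redirect really clears `rmcookie` or re-issues it, is to inspect the captured response headers directly. This is an added example, not code from the thread or from Fuel; the sample responses and the function name `cookie_state` are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample responses (not captured from the reporter's application).
LOGOUT_CLEARS = ("HTTP/1.1 302 Found\r\nLocation: /login\r\n"
                 "Set-Cookie: rmcookie=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/\r\n\r\n")
LOGOUT_KEEPS = ("HTTP/1.1 302 Found\r\nLocation: /login\r\n"
                "Set-Cookie: fuelcid=abc123; path=/\r\n\r\n")
LOGOUT_REISSUES = ("HTTP/1.1 302 Found\r\nLocation: /login\r\n"
                   "Set-Cookie: rmcookie=deleted; Max-Age=0; path=/\r\n"
                   "Set-Cookie: rmcookie=newvalue; Max-Age=2678400; path=/\r\n\r\n")


def cookie_state(raw_response, name, now=None):
    """Return 'cleared', 'set' or 'untouched' for cookie `name` in one response."""
    now = now or datetime.now(timezone.utc)
    state = "untouched"
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name, _, _ = parts[0].partition("=")
        if cookie_name != name:
            continue
        attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts[1:])}
        expired = False
        if "max-age" in attrs:                   # Max-Age takes precedence over Expires
            expired = int(attrs["max-age"]) <= 0
        elif "expires" in attrs:
            when = parsedate_to_datetime(attrs["expires"])
            if when.tzinfo is None:              # treat a zone-less date as UTC
                when = when.replace(tzinfo=timezone.utc)
            expired = when <= now
        # Set-Cookie lines are applied in order, so the last matching one wins.
        state = "cleared" if expired else "set"
    return state


if __name__ == "__main__":
    for label, raw in [("clears", LOGOUT_CLEARS), ("keeps", LOGOUT_KEEPS),
                       ("reissues", LOGOUT_REISSUES)]:
        print(label, "->", cookie_state(raw, "rmcookie"))
```

A result of `untouched` or `set` on the logout response means the remember-me cookie survives logout on the server side, independent of how any particular browser handles the redirect.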