Sessions in PHP 5.3.3 and kirby -


situation

i have implemented modified version of kirby auth plugin on client website, works way

  • user accounts simple kirby content files title serving login , password field containing bcrypt encrypted version of users password
  • on website, visitors can click on "customer area", goes template managed modified auth plugin (which redirects "login" form).
  • the website multilingual. accounts file content/extranet/login/login.fr.txt or example content/extranet/bastian/bastian.fr.txt, modified auth plugin looking for, finds file , reads it, checks password, , logins users.
  • this system requires account pages title same url, , invisible pages
  • user logged in , can see in « secure » template files present in folder

this works here on local mamp server can see in screenshots, on production server http://www.driving-evolution.com, doesn’t work, , don’t know why, have looked in lot of places , don’t understand going on. (it doesn’t work on staging server either)

on production server, wether enter or bad login, form doesn’t show error message, , doesn’t log user in either. @ first thought maybe because of bcrypt install, not, disabled (and used plain passwords instead) , still didn’t work.

the issue seems not plugin here difference between live php stack , local php stack (my guess on php session handling).

remote php 5.3.3

here sample output of curl on both installations :

working (local)

curl -d "username=test&password=test" -i devo.loc/fr/login  http/1.1 302 found date: tue, 27 may 2014 12:59:49 gmt server: apache/2.2.25 (unix) mod_ssl/2.2.25 openssl/0.9.8y dav/2 php/5.5.3 x-powered-by: php/5.5.3 set-cookie: phpsessid=9249a942248a2382d8eb10090bf5d825; path=/ expires: thu, 19 nov 1981 08:52:00 gmt cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache set-cookie: authfrontend=mc06csp25; expires=wed, 28-may-2014 12:59:49 gmt; max-age=86400; path=/ set-cookie: phpsessid=b38ec0b342356c2c38778e4a6925f085; path=/ set-cookie: authfrontend=8qyyn; expires=wed, 28-may-2014 12:59:49 gmt; max-age=86400; path=/ location: http://devo.loc/fr/extranet x-ua-compatible: ie=edge vary: accept-encoding content-length: 0 content-type: text/html; charset=utf-8

failing (remote)

curl -d "username=test&password=test" -i www.driving-evolution.com/fr/login  http/1.1 200 ok date: tue, 27 may 2014 13:01:32 gmt server: apache x-powered-by: php/5.3.3 expires: thu, 19 nov 1981 08:52:00 gmt cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache set-cookie: phpsessid=6j9o1i4djetojtbg444i51efm7; path=/ vary: accept-encoding x-ua-compatible: ie=edge connection: keep-alive, close transfer-encoding: chunked content-type: text/html

useful links

remote phpver : http://www.driving-evolution.com/phpver.php

screenshots when works on local

login-good login-done

hope able me on ! ask further info , give it.

turns out problem cms, file caching turned on , not ignoring "login", "logout", , "extranet" files (all related customer area), had add :

c::set('cache.ignore', array('api', 'sitemap', 'extranet', 'account', 'login', 'logout'));

to kirby config (api , sitemap unrelated).

this fixes problem login form cached , not hitting on server. form not cached.


Comments

Post a Comment

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

consider, toml node module can use: // toml.d.ts declare module toml { export function parse(value:string):any; } declare module "toml" { export = toml; } then: /// <reference path="../../../../../defs/toml/toml.d.ts"/> import toml = require('toml'); toml.parse(...); however, node module export single function, such 'glob' ( https://github.com/isaacs/node-glob ). the node usage of module be: var glob = require("glob") glob("*.js", {}, callback(err, files) { ... }); you'd naively expect this: // glob.d.ts declare function globs(paths:string, options:any, callback:{(err:any, files:string[]):void; ...but because typescripts 'import' semantics bit strange, seems can use 'import .. = require()' statement alias modules . trying call: /// <reference path="../../../../../defs/glob/glob.d.ts"/> import blog = require('glob'); results in: error ts2072: mod
Read more

openid - Okta: Failed to get authorization code through API call -

i'm integrating okta own idp server using okta's api. i'm implementing authorization code flow following steps below: in own server, use /api/v1/authn endpoint sessiontoken. use sessiontoken obtain authorization calling endpoint: /oauth2/v1/authorize?client_id=" + clientid + "&sessiontoken=" + sessiontoken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirecturl + "&state=evanyang&nonce=" it's supposed return response status code 302 , location header containing redirect url code value. however, keep getting response status code 200 , without location header, html body saying "you using unsupported browser." , "javascript disabled on browser." according api documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request , sessiontoken parameter sufficient this: an okta one-time sessiontoken. allows api-based
Read more

thorough guide for profiling racket code -

did googling ("racket profiling", "racket measure performance"), didn't find , there no examples in docs. did google "profile" search on htdp - no luck. (profile (f ...)) output isn't obvious other small snippets. ideally want python's python -m cprofile usage examples. when search "python profiling", both duckduckgo , google give top result: 26.4. python profilers . (although scanned quickly, seems more of reference "thorough usage guide" examples. if had else in mind, perhaps please link that?) the equivalent racket documentation be: profile: statistical profiler . a usage example: #lang racket (require profile) (profile-thunk (thunk (function-to-profile arg0 arg1) )) here (thunk e) convenience (lambda () e) . bigger example: #lang racket (module mod racket (provide f) (define (f) (for/list ([i 10000]) i))) (require (prefix-in mod: 'mod)) (define (f) (for ([i 10000
Read more