
Getting logged out of the web application when:

  1. Double-clicking any public anchor link (e.g. clicking "about us" twice in succession)
  2. Using AJAX autocomplete calls (e.g. with jQuery.autocomplete)
  3. Using CKEditor and uploading an image (KCFinder to upload to the server)
  4. Opening 2 or more tabs and quickly clicking on links in each tab

By 'logged out' I mean that BjyAuthorize (Zend Developer Tools) sees my roles (e.g. member, memberplus etc.) prior to the action. If I perform any of the above actions, ZfcUser/BjyAuthorize seems to lose its session/cookie(?) and I get the '403 forbidden' page displayed by BjyAuthorize. All ZfcUser info is then missing and I need to log in again.

Environment: ZF2, ZfcUser, BjyAuthorize + custom routes.

I do have this in module/Member/Module.php:

    // Requires: use Zend\Session\SessionManager; use Zend\Session\Container;
    'Zend\Session\SessionManager' => function ($sm) {
        $config = $sm->get('config');
        if (isset($config['session'])) {
            $session = $config['session'];

            $sessionConfig = null;
            if (isset($session['config'])) {
                $class = isset($session['config']['class']) ? $session['config']['class'] : 'Zend\Session\Config\SessionConfig';
                $options = isset($session['config']['options']) ? $session['config']['options'] : array();
                $sessionConfig = new $class();
                $sessionConfig->setOptions($options);
            }

            $sessionStorage = null;
            if (isset($session['storage'])) {
                $class = $session['storage'];
                $sessionStorage = new $class();
            }

            $sessionSaveHandler = null;
            if (isset($session['save_handler'])) {
                // class should be fetched from service manager since it will require constructor arguments
                $sessionSaveHandler = $sm->get($session['save_handler']);
            }

            $sessionManager = new SessionManager($sessionConfig, $sessionStorage, $sessionSaveHandler);

            if (isset($session['validator'])) {
                $chain = $sessionManager->getValidatorChain();
                foreach ($session['validator'] as $validator) {
                    $validator = new $validator();
                    $chain->attach('session.validate', array($validator, 'isValid'));
                }
            }
        } else {
            $sessionManager = new SessionManager();
        }
        Container::setDefaultManager($sessionManager);
        return $sessionManager;
    },

I have been trying to figure out what is causing this, and my initial thoughts go towards the session regeneration. My local testing computer is relatively loaded (i.e. slow), so I am assuming that ZF2 tries to regenerate the session, which is somehow locked, and then says 'Hey, you're not logged in, I'm going to clear the session and kick you out...!' but this is not a clear conclusion.

Does anybody know or have any experience with this or similar issue with 'not so random' logouts when trying to access their site?

Should I look at the session further or am I completely in the wrong area?

UPDATE: Looking at 'Network' in the Chrome developer tools: in a simple example of clicking 2 different links in succession, the preserved network log shows the initial request cancelled and the next request (i.e. the second link clicked) shows the 403 forbidden response. I.e. I have 2 links (link A and link B) in an area controlled with a route guard. If I click link A and the page begins the request/response process and I interrupt this by clicking link B, then link A is 'cancelled' and link B is suddenly unauthenticated. This 'cancelling' of the request seems to be the common theme in all the cases and is what is causing my dilemma. Please help in any way.

P.S. I'm going to try and start with a fresh ZendSkeletonApp/ZfcUser/BjyAuthorize and see if this happens, but haven't made time to investigate this yet.

JI-Web
  • Just saw this post: http://stackoverflow.com/questions/18693960/zend2-zfcuser-automatic-logout?rq=1 ... Looks like a similar issue although I can't figure out how it was resolved by the OP. – JI-Web Sep 16 '15 at 22:45
  • Additional changes have resulted in this issue being 'worked around'. Two points were changed. 1. jQuery in the body: $(document).dblclick(function (e) { e.preventDefault(); }); 2. // $session->regenerateId(true); has been disabled. I had a custom $session->start(); which I believe IS the cause of the problem – JI-Web Sep 23 '15 at 23:33

1 Answer


I believe this was human error! As commented above, the issue was most likely within the Module.php in the bootstrap() method. Trying to regenerate the session ID here caused the error.

    //$sm = $e->getApplication()->getServiceManager();
    //$session = $sm->get('Zend\Session\SessionManager');
    //$session->start();
    //var_dump($_SESSION);

    $container = new Container('wadmin');
    if (!isset($container->adminId)) {
        //$session->regenerateId(true);
        $container->adminId = null;
    }

Again, human error and I only realised once I started working on the admin section. I don't believe this post will help anybody so probably best to discard it...?

JI-Web
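
Added example (not code from the post or from ZF2): a plain-PHP simulation of how regenerating the session ID in the bootstrap on each request can produce the 403 described in the question once a request is cancelled. The in-memory store, `handleRequest()` and `simulate()` are hypothetical names; it assumes the cancelled response's new cookie never reaches the browser and that the guard behaves like PHP's `isset()`, which is false for a key holding null.

```php
<?php
// Constructed simulation: an in-memory session store and one browser cookie.
// handleRequest() and simulate() are hypothetical names, not ZF2 API.

function handleRequest(array &$store, ?string $cookie, bool $regenerate): array
{
    // Unknown or missing id: the server starts an empty, anonymous session.
    if ($cookie === null || !isset($store[$cookie])) {
        $cookie = bin2hex(random_bytes(8));
        $store[$cookie] = [];
    }
    $id = $cookie;

    // Guard with the same shape as the bootstrap code. isset() is false for
    // a key holding null, so this branch runs again on every request.
    if ($regenerate && !isset($store[$id]['adminId'])) {
        $new = bin2hex(random_bytes(8));
        $store[$new] = $store[$id];
        unset($store[$id]);              // like regenerateId(true): old id destroyed
        $id = $new;
        $store[$id]['adminId'] = null;
    }

    // Route guard: only a session that carries a user is authorised.
    $status = isset($store[$id]['user']) ? 200 : 403;
    return ['status' => $status, 'setCookie' => $id];
}

function simulate(bool $regenerate): int
{
    $store = ['sess-login' => ['user' => 'member']];   // constructed logged-in session
    $browserCookie = 'sess-login';

    // Link A: the server processes it, but the browser cancels the request
    // before reading the response, so the new cookie value is never stored.
    handleRequest($store, $browserCookie, $regenerate);

    // Link B: sent with the cookie the browser still holds.
    $b = handleRequest($store, $browserCookie, $regenerate);
    return $b['status'];
}

echo 'regenerate on every request: link B -> ', simulate(true), "\n";
echo 'regenerate only at login:    link B -> ', simulate(false), "\n";
```

Regenerating the ID once, at login or another privilege change, keeps the session-fixation protection without invalidating the cookie that in-flight requests still carry.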