Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

After logging out, qa_is_logged_in() returns true when called outside the q&a application

+1 vote
943 views
in Q2A Core by
edited by

Hello, I want to use my q&a  users in another application, so I found out that first I have to call qa-base.php and qa-app-users.php and then use functions that would normally do the job, for example qa_is_logged_in() which will return true if the user is logged in or null otherwise.

Though, when I test it, it appears that even if the user logs out, this function still returns true until I close the browser. In the meantime, the q&a application is not accesible, meaning that the user is logged out and can't use the application, but still the function returns true when I call it in my scripts.

Having a look at the cookies, it seems that there is a session cookie remaining there, after logging out which is to blame about. If I delete it manually, using the browser's button, then the function returns false which is the desired result. However, it must work automatically, after logging out.

Is there some reason why this would work that way? I tried all the functions in users.php, they all return values and none of them returns null after logging out. And if I close the browser, they all return null.

Also something weird. If user A logs in and I call the qa_get_logged_in_handle() function, I get user A handle which is fine. If user A logs out, then the qa_get_logged_in_handle() function still returns user A handle. And now the weird part. If user B logs in afterwards, then qa_get_logged_in_handle()  function still returns user A handle... something is wrong with sessions I guess.

Please let me know if there is any idea of hot to solve this.

ps: I found here, an older question of a person who ran 3 installations in the same server, with the same userbase and he said that when he logged out in one of them, the system kept him logged in the others. He described the problem similarly and mentioned the same issue with session cookies. But that was with an older version and not exactly the same problem with mine.

Q2A version: 1.7.4
by
It runs correctly in the test environment on my local host.

Sample source:
<?php
    require '../q2a174/qa-include/qa-base.php';
    require '../q2a174/qa-include/app/users.php';
    echo '<pre>';
    echo 'qa_is_logged_in = '.print_r(qa_is_logged_in(), true)."<br/>";
    echo '</pre>';

Are you enabling QA_COOKIE_DOMAIN of qa-config.php? What is its value?
by
Hello, this option is commented in my qa-config.php. I tried to comment it out, setting it to my domain (no subdomains) and still it doesn't work. I am sure tha generally it works, but there has to be something that is wrong here and it doesn't work. I am now trying to check the 'remember me' setting because I have removed it from the log in screen so that the user can't select to be remembered, for security reasons. I am trying to see if the log in system sets some value for the 'remember' field and can't remove it afterwards.
by
moved by

I didn't actually find the reason of the problem but I found a workout. I edited the pages/logout.php file, and just before the redirect call, I added a loop to destroy all cookies and now it works as expected. Though, some other cookies that are in use, such as qa_noticed (I guess it checks if it is a first time visitor or not) are also deleted, which I don't mind anyway.

Here is the extra code I added, from php docs

if (isset($_SERVER['HTTP_COOKIE'])) {
    $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
    foreach($cookies as $cookie) {
        $parts = explode('=', $cookie);
        $name = trim($parts[0]);
        setcookie($name, '', time()-1000);
        setcookie($name, '', time()-1000, '/');
    }
}
by
Perhaps "remember" option does not matter. The cause may be plugin OR your application side. Do my sample source work correctly in your environment?

And, did you grep "u_logout" string for the whole source? Login data is cached in PHP global variables. So, if there is processing to establish session again in u_logout event process, session cookie may remain.
by
The only thing I had changed in the whole code was to comment 4 lines in the login.php, in the part that handles the 'remember' field. All the rest was just the original code, nothing changed. Also, I don't use any plugin but I use the esteem theme. In general, it is the default installation with the removal of the remember staff in the login screen and the use of esteem theme.

Your code doesn't work as expected in my side. It has the same issues with my examples exactly. Also, I want to make clear that not only it returns true to the logged in function, but it also returns all the corresponding values. For example, if I use the qa_get_logged_in_userid() after having logged out, I get the user id, the same with the user level, handle etc. It seems that it remembers all login information.

Thanks for your interest

Please log in or register to answer this question.

Snow Theme by Q2A Market
Powered by Question2Answer
...