CakePHP

Auth Component does not logout via URL

4 messages Options
Embed this post
Permalink
Prof. No Time

Auth Component does not logout via URL

Reply Threaded More More options
Print post
Permalink

Good day all,

Please, I have a little problem with my AUTH component. I am using the
default AUTH component in 1.2.5. I discovered that when I login to my
app and then try to log  out by typing the logout url: http://localhost/myapp/logout
(which is routed to myapp/users/logout), the auth component simply
refuses to logout (instead it gives me the deny message: You are not
authorized to bla bla bla...). It also presents me with the login form
to authorize me. The funniest part is that if I then enter my
credentials, I am then logged out. (Imagine entering username and
password to log out of an application, isn't that sickening?)

However, when I click on logout link from within a page, it logs out
correctly. What could be the cause of this?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

robustsolution

Re: Auth Component does not logout via URL

Reply Threaded More More options
Print post
Permalink

Prof.No Time

try to take a coffee cup and get relaxed, this is my current solution/
tips/tricks for the moment

1)put this in your AppController class
final protected function _logout() {
        if (!empty($this->Cookie)) {
                //this ensures if you were using the Cookie component along with the
Auth component (the famous remember me checkbox)
                //and you have saved the credentials inside cookie
                //you should delete the credentials from the cookie when you log out
                //no need to verify if you have already saved the credentials inside
cookie, no error is thrown
                $this->Cookie->del($this->Auth->sessionKey);
        }
        return $this->Auth->logout();
}

2)your UsersController class logout() method should be now like this
public function logout() {
        $this->redirect($this->_logout());
}

3)your UsersController class beforeFilter() method/callback should be
now like this
public function beforeFilter() {
        ...
        parent::beforeFilter();
        //please specify the always allowed actions... logout should be the
first one of course
        $this->Auth->allow
('logout','forgotpassword','resetpassword','activate','register'/* put
here any other always-allowed action*/);
        if ($this->Auth->user()) {
                if (in_array($this->params['action'],array
('forgotpassword','resetpassword','register','activate'))) {
                        //if you are forgetting your password,
                        //if you resetting your password,
                        //if you are registering as a new user,
                        //or if you are activating you new accout via url
                        //you should not be logged in ... yea this is logic
                        $this->_logout();
                } elseif($this->params['action']=='login') {
                        //you are already logged in, no need to login again
                        $this->redirect($this->Auth->redirect());
                }
        } elseif ($this->params['action']=='logout') {
                //you are already logged out, no need to log out again
                $this->redirect($this->Auth->redirect());
        }
        ...
}

now have a nice baking day....
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Prof. No Time

Re: Auth Component does not logout via URL

Reply Threaded More More options
Print post
Permalink

Thanks very very much RobustSolution, I have applied your logic. Its
ok though I didn't use the "famous" remember me here checkbox. I have
studied the issue and finally discovered that it is a fault of the
BUGGY INTERNET EXPLORER that keeps CACHING the page instead of
visiting the SERVER for proper details (Stupid Explorer!!!). Please
can you help me out on how to prevent caching of the LOGOUT page by
such browsers?

Cheers in ADV.

On Nov 2, 3:29 pm, robustsolution <[hidden email]> wrote:

> Prof.NoTime
>
> try to take a coffee cup and get relaxed, this is my current solution/
> tips/tricks for the moment
>
> 1)put this in your AppController class
> final protected function _logout() {
>         if (!empty($this->Cookie)) {
>                 //this ensures if you were using the Cookie component along with the
> Auth component (the famous remember me checkbox)
>                 //and you have saved the credentials inside cookie
>                 //you should delete the credentials from the cookie when you log out
>                 //noneed to verify if you have already saved the credentials inside
> cookie,noerror is thrown
>                 $this->Cookie->del($this->Auth->sessionKey);
>         }
>         return $this->Auth->logout();
>
> }
>
> 2)your UsersController class logout() method should be now like this
> public function logout() {
>         $this->redirect($this->_logout());
>
> }
>
> 3)your UsersController class beforeFilter() method/callback should be
> now like this
> public function beforeFilter() {
>         ...
>         parent::beforeFilter();
>         //please specify the always allowed actions... logout should be the
> first one of course
>         $this->Auth->allow
> ('logout','forgotpassword','resetpassword','activate','register'/* put
> here any other always-allowed action*/);
>         if ($this->Auth->user()) {
>                 if (in_array($this->params['action'],array
> ('forgotpassword','resetpassword','register','activate'))) {
>                         //if you are forgetting your password,
>                         //if you resetting your password,
>                         //if you are registering as a new user,
>                         //or if you are activating you new accout via url
>                         //you should not be logged in ... yea this is logic
>                         $this->_logout();
>                 } elseif($this->params['action']=='login') {
>                         //you are already logged in,noneed to login again
>                         $this->redirect($this->Auth->redirect());
>                 }
>         } elseif ($this->params['action']=='logout') {
>                 //you are already logged out,noneed to log out again
>                 $this->redirect($this->Auth->redirect());
>         }
>         ...
>
> }
>
> now have a nice baking day....
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

robustsolution

Re: Auth Component does not logout via URL

Reply Threaded More More options
Print post
Permalink

m really sorry for the delay but I really misunderstood the question

I don't know if you mean this

http://book.cakephp.org/view/431/disableCache


On Nov 4, 3:40 pm, "Prof. No Time" <[hidden email]>
wrote:

> Thanks very very much RobustSolution, I have applied your logic. Its
> ok though I didn't use the "famous" remember me here checkbox. I have
> studied the issue and finally discovered that it is a fault of the
> BUGGY INTERNET EXPLORER that keeps CACHING the page instead of
> visiting the SERVER for proper details (Stupid Explorer!!!). Please
> can you help me out on how to prevent caching of the LOGOUT page by
> such browsers?
>
> Cheers in ADV.
>
> On Nov 2, 3:29 pm, robustsolution <[hidden email]> wrote:
>
> > Prof.NoTime
>
> > try to take a coffee cup and get relaxed, this is my current solution/
> > tips/tricks for the moment
>
> > 1)put this in your AppController class
> > final protected function _logout() {
> >         if (!empty($this->Cookie)) {
> >                 //this ensures if you were using the Cookie component along with the
> > Auth component (the famous remember me checkbox)
> >                 //and you have saved the credentials inside cookie
> >                 //you should delete the credentials from the cookie when you log out
> >                 //noneed to verify if you have already saved the credentials inside
> > cookie,noerror is thrown
> >                 $this->Cookie->del($this->Auth->sessionKey);
> >         }
> >         return $this->Auth->logout();
>
> > }
>
> > 2)your UsersController class logout() method should be now like this
> > public function logout() {
> >         $this->redirect($this->_logout());
>
> > }
>
> > 3)your UsersController class beforeFilter() method/callback should be
> > now like this
> > public function beforeFilter() {
> >         ...
> >         parent::beforeFilter();
> >         //please specify the always allowed actions... logout should be the
> > first one of course
> >         $this->Auth->allow
> > ('logout','forgotpassword','resetpassword','activate','register'/* put
> > here any other always-allowed action*/);
> >         if ($this->Auth->user()) {
> >                 if (in_array($this->params['action'],array
> > ('forgotpassword','resetpassword','register','activate'))) {
> >                         //if you are forgetting your password,
> >                         //if you resetting your password,
> >                         //if you are registering as a new user,
> >                         //or if you are activating you new accout via url
> >                         //you should not be logged in ... yea this is logic
> >                         $this->_logout();
> >                 } elseif($this->params['action']=='login') {
> >                         //you are already logged in,noneed to login again
> >                         $this->redirect($this->Auth->redirect());
> >                 }
> >         } elseif ($this->params['action']=='logout') {
> >                 //you are already logged out,noneed to log out again
> >                 $this->redirect($this->Auth->redirect());
> >         }
> >         ...
>
> > }
>
> > now have a nice baking day....
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

Free Embeddable Forum Powered by Nabble Help