New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Application state is not stored #1288

Closed
leofeyer opened this Issue Jan 4, 2018 · 11 comments

Comments

Projects
None yet
2 participants
@leofeyer
Member

leofeyer commented Jan 4, 2018

It seems that in Contao 4.5 the application state is not stored in the session anymore. Open palettes, active filters etc. are reset after each logout.

@leofeyer leofeyer added the defect label Jan 4, 2018

@leofeyer leofeyer added this to the 4.5.2 milestone Jan 4, 2018

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 4, 2018

Member

We have to add the user session data in AuthenticationSuccessHandler::onAuthenticationSuccess().

Member

leofeyer commented Jan 4, 2018

We have to add the user session data in AuthenticationSuccessHandler::onAuthenticationSuccess().

@leofeyer leofeyer self-assigned this Jan 4, 2018

leofeyer added a commit that referenced this issue Jan 4, 2018

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 4, 2018

Member

Fixed in 2b627d4.

Member

leofeyer commented Jan 4, 2018

Fixed in 2b627d4.

@leofeyer leofeyer closed this Jan 4, 2018

@aschempp

This comment has been minimized.

Show comment
Hide comment
@aschempp

aschempp Jan 5, 2018

Contributor

I'm not sure this is entirely correct. It means the session is only loaded from database on the actual login. Not sure it will be done on remember_me and it certainly will not be done on each request. And I'm pretty sure that was previously the case.

Contributor

aschempp commented Jan 5, 2018

I'm not sure this is entirely correct. It means the session is only loaded from database on the actual login. Not sure it will be done on remember_me and it certainly will not be done on each request. And I'm pretty sure that was previously the case.

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 5, 2018

Member

This is just one additional step, I did not remove the existing UserSessionListener.

Member

leofeyer commented Jan 5, 2018

This is just one additional step, I did not remove the existing UserSessionListener.

@aschempp

This comment has been minimized.

Show comment
Hide comment
@aschempp

aschempp Jan 5, 2018

Contributor

Can you explain why your fix works? The UserSessionListener should initialize the session data on kernel.request priority 0. Why would you need to do the same again at priority 8 (firewall listener)?

Contributor

aschempp commented Jan 5, 2018

Can you explain why your fix works? The UserSessionListener should initialize the session data on kernel.request priority 0. Why would you need to do the same again at priority 8 (firewall listener)?

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 5, 2018

Member

Because the firewall redirects after a successful login so any listener below priority 8 is never executed.

Member

leofeyer commented Jan 5, 2018

Because the firewall redirects after a successful login so any listener below priority 8 is never executed.

@aschempp

This comment has been minimized.

Show comment
Hide comment
@aschempp

aschempp Jan 7, 2018

Contributor

Why would that matter? After the redirect the session should be loaded again? The only reason I can think of is that the save handler is still executed and overwrites the user data. However, if that is the case, then the handling is wrong because the session must never be saved to the user if it was not loaded before. The redirect could come from anywhere…

Contributor

aschempp commented Jan 7, 2018

Why would that matter? After the redirect the session should be loaded again? The only reason I can think of is that the save handler is still executed and overwrites the user data. However, if that is the case, then the handling is wrong because the session must never be saved to the user if it was not loaded before. The redirect could come from anywhere…

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 7, 2018

Member

You may be right. Feel free to provide a better implementation.

Member

leofeyer commented Jan 7, 2018

You may be right. Feel free to provide a better implementation.

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 7, 2018

Member

Ok, so the problem is that $token->getUser() in

$user = $token->getUser();
if (!$user instanceof User) {
return;
}
$session = $user->session;

only returns the incomplete, unserialized User object upon login. Therefore $user->session is empty and the existing session data is overwritten.

Member

leofeyer commented Jan 7, 2018

Ok, so the problem is that $token->getUser() in

$user = $token->getUser();
if (!$user instanceof User) {
return;
}
$session = $user->session;

only returns the incomplete, unserialized User object upon login. Therefore $user->session is empty and the existing session data is overwritten.

@aschempp

This comment has been minimized.

Show comment
Hide comment
@aschempp

aschempp Jan 8, 2018

Contributor

Why would the user not be complete? And why is the listener (priority 0) even executed when the firewall redirects on priority 8?

Contributor

aschempp commented Jan 8, 2018

Why would the user not be complete? And why is the listener (priority 0) even executed when the firewall redirects on priority 8?

@leofeyer

This comment has been minimized.

Show comment
Hide comment
@leofeyer

leofeyer Jan 8, 2018

Member

I might have been wrong about the redirect. You may want to debug this yourself.

Member

leofeyer commented Jan 8, 2018

I might have been wrong about the redirect. You may want to debug this yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment