Logout link and user profile not functioning
Jonathan Grieve
Treehouse Moderator 91,253 Points
Hi all,
So I went ahead to the end of the third section of the course despite the fact the logout link wasn't working.
The current behaviour is as follows:
Logout Link sends me to the login form to log in again, but if I then click on other links in top navigation, the website acts as if I am still logged in and still displays the logout link.
I updated the display_success function from the teacher's notes as I still wasn't fully sure how to add the rest of the flash messages (error or success) but....
I get a red error with a general message something went wrong, not specifically about an incorrect current password.
Hope this makes it clear. :)
Here's a link to my latest repo https://github.com/jg-digital-media/php_auth (I'm sorry some redirects will not work due to my file setup on localhost) :) Thanks!
3 Answers
Benjamin Larson
34,055 Points
1 - I can't seem to replicate the behavior you are describing when logging out. I thought it happened once where it was still behaving like I was logged in, but I can't get it to happen again. I did, however, notice a mistake in your doLogin.php:
<?php
'sub' => "{$user['id']}",
You were missing the ($) in front of user, so the actual user_id wasn't being saved in the cookie. Though I doubt that particular issue was a problem with the logout, it would be with other functions.
2 - For the FlashBag messages, you need to add these two lines to any page that might display them:
<?php echo display_errors(); ?>
<?php echo display_success(); ?>
Basically, any page that you redirect to after a potential success/error should have those lines. The template works best when you put them under an <h2> element for the given page. You should probably include them in all the "views" (index, account, add, edit, login, register).
3 - Here's the entirety of my doLogin.php to see example usages for FlashBag messages:
<?php
require __DIR__ . '/../inc/bootstrap.php';

// Look up the account by the submitted email address
$user = findUserByEmail(request()->get('email'));
if (empty($user)) {
    $session->getFlashBag()->add('error', 'Username was not found');
    redirect('/login.php');
}

// Check the submitted password against the stored hash
if (!password_verify(request()->get('password'), $user['password'])) {
    $session->getFlashBag()->add('error', 'Incorrect password');
    redirect('/login.php');
}

// Build a JWT that expires in one hour
$expTime = time() + 3600;
$jwt = \Firebase\JWT\JWT::encode([
    'iss' => request()->getBaseUrl(),
    'sub' => "{$user['id']}",
    'exp' => $expTime,
    'iat' => time(),
    'nbf' => time(),
    'is_admin' => $user['role_id'] == 1
], getenv("SECRET_KEY"), 'HS256');

// Store the JWT in the access_token cookie (path '/', domain from COOKIE_DOMAIN)
try {
    $accessToken = new Symfony\Component\HttpFoundation\Cookie('access_token', $jwt, $expTime, '/', getenv('COOKIE_DOMAIN'));
} catch (\Exception $e) {
    throw $e;
}

$session->getFlashBag()->add('success', 'Logged In.');
redirect('/', ['cookies' => [$accessToken]]);
Brian Ball
23,661 Points
Make sure the paths for writing cookies are the same in all the places. If you're just using '/' it should be easy, but that little bug caused me a little "research".
Jonathan Grieve
Treehouse Moderator 91,253 Points
Hi Brian, this is getting on for a year ago now, but all my cookies and file paths always included a folder as I have so many projects on my local server! :-)
Brian Ball
23,661 Points
If that's the case, like it was in mine -- I used /books as the folder for development of this mini-project off the root. So, when I was writing cookies, in one place I was writing to /books -- then, when trying to over-write the cookies, I was writing to /books/ -- those aren't the same.
I couldn't decide if I should be proud of myself for sticking with it until I figured it out -- or mad at myself for making that mistake in the first place. I guess being persistent and getting the desired result is the main thing.
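The /books versus /books/ mismatch described above, as an added example that is not part of the original thread: a minimal plain-PHP model of how a browser keys stored cookies by name, domain and path, so a logout cookie written to a different path leaves the login token in place. The CookieJar class, the localhost domain and the token value are constructed for illustration.

```php
<?php
// Added example (constructed). Models how a browser keys stored cookies:
// name + domain + path (RFC 6265). Requires PHP 8 for str_starts_with().
final class CookieJar
{
    private array $cookies = [];

    // Apply one Set-Cookie: an expiry in the past evicts only the exact key.
    public function set(string $name, string $value, int $expires, string $path, string $domain): void
    {
        $key = "$name|$domain|$path";
        if ($expires <= time()) {
            unset($this->cookies[$key]);
            return;
        }
        $this->cookies[$key] = $value;
    }

    // Cookies sent with a request to $requestPath (RFC 6265 path-match rules).
    public function sentFor(string $requestPath): array
    {
        $sent = [];
        foreach ($this->cookies as $key => $value) {
            [$name, , $path] = explode('|', $key);
            $prefix = str_starts_with($requestPath, $path) && $requestPath !== $path;
            if ($requestPath === $path
                || ($prefix && (str_ends_with($path, '/') || $requestPath[strlen($path)] === '/'))) {
                $sent[$name] = $value;
            }
        }
        return $sent;
    }
}

$jar = new CookieJar();
$hasToken = fn(): bool => isset($jar->sentFor('/books/account.php')['access_token']);

// Login writes the token under path /books (the folder named in the post above).
$jar->set('access_token', 'sample.jwt.value', time() + 3600, '/books', 'localhost');

// Logout expires a cookie under /books/ : different key, the token survives.
$jar->set('access_token', 'Expired', time() - 3600, '/books/', 'localhost');
echo 'after mismatched logout: ', $hasToken() ? 'token still sent' : 'token cleared', PHP_EOL;

// Logout with the same name, domain and path as login removes it.
$jar->set('access_token', 'Expired', time() - 3600, '/books', 'localhost');
echo 'after matching logout:   ', $hasToken() ? 'token still sent' : 'token cleared', PHP_EOL;
```

The same exact-match rule applies to the cookie's domain, so the logout code has to repeat the name, path and domain used at login.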
Jonathan Grieve
Treehouse Moderator 91,253 Points
Well this is hard work.
What fixing 1. did do was make sure I was displaying the correct flash error messages for logging in. But I've tried everything I can think of for logging out including reducing the cookie expiration time (temporary solution I know) but nothing seems to work.
I'll keep at it though... see if I can find the answer and update :)
Jonathan Grieve
Treehouse Moderator 91,253 Points
I noticed something interesting just now.
At one point, I clicked log out and it actually worked. I saw the login and register links again but when I then clicked to log in, I was locked in again. I think the cookie may have just expired at that point.
Anyway.... Logging out actually removes the cookies from the JWT Analyser but the links still behave as if I'm logged in. There's nothing wrong with my authorisation or authentication functions. When logged out (Expiration of the cookie will eventually affect this) these work perfectly and block access to all the relevant pages.
When logged in, I can see 1 cookie noted but no longer have access to the JWT details. When I click the logout button, the cookie disappears completely but if that's the case, there's no record of any login and the logged out state should be appearing in the navigation.
My repo is up to date with my latest work.