Search code examples
phpcodeigniterion-auth

PHP CodeIgniter: Successful ion-auth login refreshes, signs out and redirects to login


I've recently inherited a working websites code, designed with PHP in CodeIgnitor and I'm trying to develop it further. When trying to run it locally (xampp), I've been encountering a problem:

The code builds fine and brings me to the login-page. There I log in using ion-auth, which successfully continues, saves a session (this works) and continues to the landingspage. Yet, as soon as any page is loaded after logging in, it instantly logs the user out and navigates back to the login-page.

The only things changed in code compared to the live website is the database it connects to, the base URL and some navigation. What could be the issue here? Would this be an issue with xampp, ion-auth or some configuration?

// log the user in
public function login()
{
    $this->data['title'] = $this->lang->line('login_heading');

    // validate form input
    $this->form_validation->set_rules('identity', str_replace(':', '', $this->lang->line('login_identity_label')), 'required');
    $this->form_validation->set_rules('password', str_replace(':', '', $this->lang->line('login_password_label')), 'required');

    if ($this->form_validation->run() == true)
    {
        // check to see if the user is logging in
        // check for "remember me"
        $remember = (bool) $this->input->post('remember');

        if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember))
        {
            // if the login is successful
            // redirect them back to the home page
            $this->session->set_flashdata('message', $this->ion_auth->messages());
            redirect('/', 'refresh');
        }
        else
        {
            // if the login was un-successful
            // redirect them back to the login page
            $this->session->set_flashdata('message', $this->ion_auth->errors());
            redirect('auth/login', 'refresh'); // use redirects instead of loading views for compatibility with MY_Controller libraries
        }
    }
    else
    {
        // the user is not logging in so display the login page
        // set the flash data error message if there is one
        $this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');

        $this->data['identity'] = array('name' => 'identity',
            'id'    => 'identity',
            'type'  => 'text',
            'value' => $this->form_validation->set_value('identity'),
        );
        $this->data['password'] = array('name' => 'password',
            'id'   => 'password',
            'type' => 'password',
        );

        $this->_render_page('auth/login', $this->data);
    }
}

As Martin suggested, I tried out session_start(); which displayed the following:

A PHP Error was encountered
Severity: Warning

Message: ini_set(): A session is active.
You cannot change the session module's ini settings at this time

Filename: Session/Session.php

Line Number: 281

Backtrace:

File: C:\Programs\xampp\htdocs\modules\applications\azdemo\controllers\Shared.php
Line: 8
Function: __construct

File: C:\Programs\xampp\htdocs\modules\customers\azdemo\index.php
Line: 315
Function: require_once

Solution

  • Hey so I've faced the same problem. It's related to ion-auth support for php5.6 and php7.2

    They use different hashing techniques for different php versions. If you have upgraded your php version you might want to check the ion-auth config files and update the hashing method too.

    Here's a bit from the ion auth documentation:

    You can choose between bcrypt (from PHP 5.3) or argon2 (from PHP 7.2)

    Link to the documentation: ION-Auth

    Let me know if it helps and do upvote if you find it useful!