Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

After logging out, qa_is_logged_in() returns true when called outside the q&a application

+1 vote
44 views
asked Apr 16 in Q2A Core by galanta
edited Apr 16 by galanta

Hello, I want to use my q&a  users in another application, so I found out that first I have to call qa-base.php and qa-app-users.php and then use functions that would normally do the job, for example qa_is_logged_in() which will return true if the user is logged in or null otherwise.

Though, when I test it, it appears that even if the user logs out, this function still returns true until I close the browser. In the meantime, the q&a application is not accesible, meaning that the user is logged out and can't use the application, but still the function returns true when I call it in my scripts.

Having a look at the cookies, it seems that there is a session cookie remaining there, after logging out which is to blame about. If I delete it manually, using the browser's button, then the function returns false which is the desired result. However, it must work automatically, after logging out.

Is there some reason why this would work that way? I tried all the functions in users.php, they all return values and none of them returns null after logging out. And if I close the browser, they all return null.

Also something weird. If user A logs in and I call the qa_get_logged_in_handle() function, I get user A handle which is fine. If user A logs out, then the qa_get_logged_in_handle() function still returns user A handle. And now the weird part. If user B logs in afterwards, then qa_get_logged_in_handle()  function still returns user A handle... something is wrong with sessions I guess.

Please let me know if there is any idea of hot to solve this.

ps: I found here, an older question of a person who ran 3 installations in the same server, with the same userbase and he said that when he logged out in one of them, the system kept him logged in the others. He described the problem similarly and mentioned the same issue with session cookies. But that was with an older version and not exactly the same problem with mine.

Q2A version: 1.7.4
commented Apr 17 by sama55
Perhaps "remember" option does not matter. The cause may be plugin OR your application side. Do my sample source work correctly in your environment?

And, did you grep "u_logout" string for the whole source? Login data is cached in PHP global variables. So, if there is processing to establish session again in u_logout event process, session cookie may remain.
commented Apr 17 by galanta
The only thing I had changed in the whole code was to comment 4 lines in the login.php, in the part that handles the 'remember' field. All the rest was just the original code, nothing changed. Also, I don't use any plugin but I use the esteem theme. In general, it is the default installation with the removal of the remember staff in the login screen and the use of esteem theme.

Your code doesn't work as expected in my side. It has the same issues with my examples exactly. Also, I want to make clear that not only it returns true to the logged in function, but it also returns all the corresponding values. For example, if I use the qa_get_logged_in_userid() after having logged out, I get the user id, the same with the user level, handle etc. It seems that it remembers all login information.

Thanks for your interest

Please log in or register to answer this question.

...