We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

flashSession issue with empty messages

In my controller actions this always works:

$this->flashSession->error('You must login');
return $this->response->redirect('/login');

If I put that code in the controller's beforeExecuteRoute() method it works. However, if I put it in the parent controller (ControllerBase) beforeExecuteRoute() method it doesnt work unless I use $this->view->disable()

Anybody know what my issue might be?



98.9k

Try returning false:

$this->flashSession->error('You must login');
$this->response->redirect('login');
return false;


16.1k

Nope that doesnt work either. Heres my the actual code:

class SessionController extends ControllerBase
{

    // Change Main Layout
    public function initialize()
    {
        $this->view->setMainView('plain');
    }

    // CHECK CSRF TOKEN
    public function beforeExecuteRoute(Dispatcher $dispatcher)
    {

        $action = $dispatcher->getActionName();
        $isPost = $this->request->isPost();
        if ($isPost && $action == 'login') {
            if (!$this->security->checkToken()) {
                throw new \Phalcon\Exception('Invalid security token');
            }
        } elseif ($action == 'logout') {
            $key = $this->request->getQuery('key');
            $val = $this->request->getQuery('val');
            if (!$this->security->checkToken($key, $val)) {
                throw new \Phalcon\Exception('Invalid security token', 401);
            }
        }

        return parent::beforeExecuteRoute($dispatcher);
    }

    public function loginAction()
    {
        $user = new User();
        $form = new \Admin\Forms\LoginForm($user);

        if (!$this->webuser->isGuest()) {
            throw new \Phalcon\Exception('You are already logged in');
        }

        if ($this->request->isPost()) {
            if ($form->isValid($_POST, $user) && $form->authenticate() ) {
                if ($form->login() === true) {
                    $name = $this->webuser->get('username');
                    $this->flashSession->success("Welcome {$name}");
                    return $this->response->redirect('/');
                }
            }
            $this->flashSession->error($form->getAuthMessage());
        }

        $this->tag->setTitle("Login");
        $this->view->setVar('form', $form);
    }
class ControllerBase extends \Phalcon\Mvc\Controller
{
    /**
     * Before every action, check if user is guest, but has remember me cookie token.
     * If unable to login user in throw new exception. All backend methods require authorization.
     *
     * @param \Phalcon\Mvc\Dispatcher $dispatcher
     */
    public function beforeExecuteRoute(Dispatcher $dispatcher)
    {
        $this->registry->csrfKey = $this->security->getTokenKey();
        $this->registry->csrfVal = $this->security->getToken();

        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        // CHECK A USER IS LOGGED IN
        if ( ($controller !== 'session' && $action !== 'login') && $this->webuser->isGuest()) {
            if ($this->webuser->hasRememberToken()) {
                if ($this->webuser->loginUsingRememberToken() ) {
                    return true;   
                }
            } else {
                $this->flashSession->error('You must login');
                $this->view->disable();
                return $this->response->redirect('/login');
            }

            throw new \Phalcon\Exception('You are unauthorized to be here', 401);
        }
    }

}


98.9k

You have to return 'false' to stop the 'beforeExecuteRoute'



16.1k

I tried your code in the first comment and it didnt work. It only seems to work with view->disable()

You were saying in ControllerBase::beforeExecuteRoute() I should have this right?

$this->flashSession->error('You must login');
$this->response->redirect('/login');
return false;

Thanks for your help. Its not a big deal since it works with view->disable() I was just trying to understand why returning response->redirect() wasnt working.



98.9k
Accepted
answer

Because you need both return a response: $this->response->redirect('/login') and return false, so you have also view->disable() to avoid the view being rendered and return false:

$this->response->redirect('/login');
$this->view->disable();
return false;

or:

$dispatcher->setReturnedValue($this->response->redirect('/login'));
return false;


16.1k

Thanks for the explanation!