
flashSession issue with empty messages

In my controller actions this always works:

$this->flashSession->error('You must login');
return $this->response->redirect('/login');

If I put that code in the controller's beforeExecuteRoute() method it works. However, if I put it in the parent controller's (ControllerBase) beforeExecuteRoute() method it doesn't work unless I use $this->view->disable().

Anybody know what my issue might be?



98.9k

Try returning false:

$this->flashSession->error('You must login');
$this->response->redirect('login');
return false;


16.2k

Nope, that doesn't work either. Here's the actual code:

use Phalcon\Mvc\Dispatcher;

class SessionController extends ControllerBase
{

    // Change Main Layout
    public function initialize()
    {
        $this->view->setMainView('plain');
    }

    // CHECK CSRF TOKEN
    public function beforeExecuteRoute(Dispatcher $dispatcher)
    {

        $action = $dispatcher->getActionName();
        $isPost = $this->request->isPost();
        if ($isPost && $action == 'login') {
            if (!$this->security->checkToken()) {
                throw new \Phalcon\Exception('Invalid security token');
            }
        } elseif ($action == 'logout') {
            $key = $this->request->getQuery('key');
            $val = $this->request->getQuery('val');
            if (!$this->security->checkToken($key, $val)) {
                throw new \Phalcon\Exception('Invalid security token', 401);
            }
        }

        return parent::beforeExecuteRoute($dispatcher);
    }

    public function loginAction()
    {
        $user = new User();
        $form = new \Admin\Forms\LoginForm($user);

        if (!$this->webuser->isGuest()) {
            throw new \Phalcon\Exception('You are already logged in');
        }

        if ($this->request->isPost()) {
            if ($form->isValid($_POST, $user) && $form->authenticate() ) {
                if ($form->login() === true) {
                    $name = $this->webuser->get('username');
                    $this->flashSession->success("Welcome {$name}");
                    return $this->response->redirect('/');
                }
            }
            $this->flashSession->error($form->getAuthMessage());
        }

        $this->tag->setTitle("Login");
        $this->view->setVar('form', $form);
    }
}

class ControllerBase extends \Phalcon\Mvc\Controller
{
    /**
     * Before every action, check if the user is a guest but has a remember-me cookie token.
     * If unable to log the user in, throw a new exception. All backend methods require authorization.
     *
     * @param \Phalcon\Mvc\Dispatcher $dispatcher
     */
    public function beforeExecuteRoute(Dispatcher $dispatcher)
    {
        $this->registry->csrfKey = $this->security->getTokenKey();
        $this->registry->csrfVal = $this->security->getToken();

        $controller = $dispatcher->getControllerName();
        $action = $dispatcher->getActionName();

        // CHECK A USER IS LOGGED IN
        if ( ($controller !== 'session' && $action !== 'login') && $this->webuser->isGuest()) {
            if ($this->webuser->hasRememberToken()) {
                if ($this->webuser->loginUsingRememberToken() ) {
                    return true;   
                }
            } else {
                $this->flashSession->error('You must login');
                $this->view->disable();
                return $this->response->redirect('/login');
            }

            throw new \Phalcon\Exception('You are unauthorized to be here', 401);
        }
    }

}


98.9k

You have to return 'false' to stop the 'beforeExecuteRoute'.



16.2k

I tried your code in the first comment and it didn't work. It only seems to work with view->disable().

You were saying in ControllerBase::beforeExecuteRoute() I should have this right?

$this->flashSession->error('You must login');
$this->response->redirect('/login');
return false;

Thanks for your help. It's not a big deal since it works with view->disable(). I was just trying to understand why returning response->redirect() wasn't working.



98.9k
Accepted answer

Because you need to both return a response, $this->response->redirect('/login'), and return false, so you also have to call view->disable() to avoid the view being rendered, and return false:

$this->response->redirect('/login');
$this->view->disable();
return false;

or:

$dispatcher->setReturnedValue($this->response->redirect('/login'));
return false;


16.2k

Thanks for the explanation!
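
The guard variants discussed in this thread, run through a simplified plain-PHP model of the dispatch flow (an added example, not code from the thread or from Phalcon itself). `ModelDispatcher` and `ModelResponse` are hypothetical stand-ins, and the model assumes that only a strict `false` from `beforeExecuteRoute()` stops the action and that the view renders unless it is disabled or a response is set as the returned value.

```php
<?php
// Simplified stand-in for the dispatch flow (hypothetical names, not Phalcon classes).
// Assumption: only a strict `false` from beforeExecuteRoute() halts the action, and the
// view renders unless it was disabled or a response was set as the returned value.
final class ModelDispatcher
{
    public $returned = null;
    public bool $viewDisabled = false;

    public function run(callable $guard, callable $action): array
    {
        $actionRan = false;
        if ($guard($this) !== false) {          // a Response object is not `false`
            $actionRan = true;
            $this->returned = $action();
        }
        $rendered = !$this->viewDisabled && !($this->returned instanceof ModelResponse);
        return ['actionRan' => $actionRan, 'viewRendered' => $rendered];
    }
}

final class ModelResponse
{
    public string $location = '';
    public function redirect(string $to): self { $this->location = $to; return $this; }
}

$protectedAction = fn () => null; // stands for an action a guest must never reach

$guards = [
    'return redirect only' => fn (ModelDispatcher $d) => (new ModelResponse())->redirect('/login'),
    'redirect; return false' => function (ModelDispatcher $d) {
        (new ModelResponse())->redirect('/login');
        return false;
    },
    'redirect; view->disable(); return false' => function (ModelDispatcher $d) {
        (new ModelResponse())->redirect('/login');
        $d->viewDisabled = true;
        return false;
    },
    'setReturnedValue(redirect); return false' => function (ModelDispatcher $d) {
        $d->returned = (new ModelResponse())->redirect('/login');
        return false;
    },
];

foreach ($guards as $name => $guard) {
    $r = (new ModelDispatcher())->run($guard, $protectedAction);
    printf("%-42s actionRan=%-5s viewRendered=%s\n", $name,
        var_export($r['actionRan'], true), var_export($r['viewRendered'], true));
}
```

For an authentication guard, the first variant is the one to watch: under the stated assumption, the protected action still executes for a guest even though a redirect was prepared.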