
I'm developing a website with AngularJS as the front end and PHP as the back end. Users can log in, use their profile (view and edit it) and log out as well.

I'm able to do all that, but after some time, I think the session expires or something, and I don't get any values in the front end. His/her profile looks empty, and when I click on a link or something, I get redirected to the login page.

I'm using local storage to save a token returned by the PHP API. Also, while authenticating a login, I save some values in the session using PHP.

I think it's an Angular issue. But I'm not quite sure why or what's causing it.

Can anyone help me figure this out?

function login()
{
    $data= array();
    $username=validate_input($_POST['username']);
    $password=validate_input($_POST['password']);

    $qry="SELECT * FROM entrp_login where email='".$username."' AND password='".md5($password)."' ";
    $res=getData($qry);
    $count_res=mysqli_num_rows($res);
    if($count_res>0)
    {
        while($row=mysqli_fetch_array($res))
        {
            $data['firstname']  =   $row['firstname'];
            $data['lastname']       =   $row['lastname'];
            $data['id']             =   $row['clientid'];
            $data['username']       =   $row['username'];
            $data['success']        = true;
            $data['msg']            = 'Valid User';

            //generate a client token
            $client_session_token='thisisdumytoken';

            //set session
            session_start();
            $_SESSION['id']                 = $data['id'];
            $_SESSION['firstname']      = $data['firstname'];
            $_SESSION['lastname']       = $data['lastname'];
            $_SESSION['login_token']    = $client_session_token;
            $_SESSION['username']      = $data['username']; 

            $data['login_token']            = $client_session_token;

        }
    }
    else
    {
        $data['success'] = false;
        $data['msg'] = 'Please check your credentials once again';
    }

    return $data;
}

My Angular function (fragment of code) where I set localStorage:

// function to submit the form after all validation has occurred            
            vm.login = function(isValid) 
            {
                // check to make sure the form is completely valid
                if (isValid) 
                {
                     //alert('isValid');
                    $http({
                      method: 'post',
                      url: baseUrl+'login',
                      data: $.param($scope.vm),
                      headers: {'Content-Type': 'application/x-www-form-urlencoded'}
                    })
                    .success(function(data, status, headers, config) 
                    {
                        if(data.success)
                        {
                            //alert(data.msg);
                            //localStorage.clear();
                            if (localStorage['entrp_token'])
                            {
                                localStorage.removeItem('entrp_token');
                            }                               
                            localStorage.setItem("entrp_token", JSON.stringify(data.login_token));

                            $location.path('/home');
                        }
                        else
                        {
                            //alert('invalid 1');
                            //alert(data.msg);

                            if (localStorage['entrp_token'])
                            {
                                localStorage.removeItem('entrp_token');
                            }

                            //localStorage.clear();
                            vm.errorMessage = data.msg;
                        }
                    }).
                    error(function(data, status, headers, config) 
                    {
                        //alert('invalid 2');
                        if (localStorage['entrp_token'])
                        {
                            localStorage.removeItem('entrp_token');
                        }
                        //localStorage.clear();
                        vm.errorMessage = data.msg;
                    });
                }
            };
Smokey
  • Have you configured the session timeout in PHP in any way? btw Please don't use MD5 to store user passwords. Please use PHP's [built-in functions to handle passwords](http://php.net/manual/en/ref.password.php) ([tutorial](http://jayblanchard.net/proper_password_hashing_with_PHP.html)). If you're using a PHP version less than 5.5 you can use the password_hash() [compatibility pack](https://github.com/ircmaxell/password_compat). – JimL Jul 10 '16 at 10:17
  • I didn't do anything for session timeout. Session will be destroyed only when a user clicks logout. @JimL – Smokey Jul 10 '16 at 10:20
  • Check the session settings, it comes default with some timeouts set – JimL Jul 10 '16 at 10:22
  • Where can I check it? I really don't know how to do that. All I do is session setting as you see in login function and session destroy. @JimL – Smokey Jul 10 '16 at 10:31
  • http://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php – JimL Jul 10 '16 at 10:32
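
The two points raised in the comments (PHP's default session timeout and MD5 password storage), shown as an added example that is not the asker's code or part of the original thread. It assumes PHP 7+, mysqli with mysqlnd, and that `entrp_login.password` holds `password_hash()` output; `$db`, `IDLE_LIMIT`, `start_app_session()`, `require_login()`, the `last_seen` key and the "Session expired" message are hypothetical names introduced here.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7+, mysqli with mysqlnd,
// and that entrp_login.password holds password_hash() output, not MD5.
const IDLE_LIMIT = 3600; // seconds; constructed value

function start_app_session(): void
{
    // Default session.gc_maxlifetime is 1440 s; session data idle for longer
    // can be garbage-collected, leaving $_SESSION empty on the next request.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    ini_set('session.cookie_httponly', '1');
    ini_set('session.use_strict_mode', '1');
    session_start();
}

function login(mysqli $db, string $email, string $password): array
{
    // Bound parameter instead of concatenating input into the SQL string.
    $stmt = $db->prepare('SELECT clientid, username, firstname, lastname, password
                            FROM entrp_login WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || !password_verify($password, $row['password'])) {
        return ['success' => false, 'msg' => 'Please check your credentials once again'];
    }
    start_app_session();
    session_regenerate_id(true);          // fresh session id after authentication
    $token = bin2hex(random_bytes(32));   // unpredictable per-login token
    $_SESSION = ['id' => $row['clientid'], 'username' => $row['username'],
                 'firstname' => $row['firstname'], 'lastname' => $row['lastname'],
                 'login_token' => $token, 'last_seen' => time()];
    return ['success' => true, 'msg' => 'Valid User', 'id' => $row['clientid'],
            'firstname' => $row['firstname'], 'lastname' => $row['lastname'],
            'username' => $row['username'], 'login_token' => $token];
}

// Call at the top of every protected endpoint with the token the client sent.
function require_login(string $clientToken): void
{
    start_app_session();
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['login_token']) || $idle > IDLE_LIMIT
        || !hash_equals($_SESSION['login_token'], $clientToken)) {
        session_unset();
        session_destroy();
        http_response_code(401);  // explicit signal the front end can act on
        exit(json_encode(['success' => false, 'msg' => 'Session expired']));
    }
    $_SESSION['last_seen'] = time();
}
```

With an explicit 401 on expiry, the front end can clear `entrp_token` and route to the login page instead of rendering an empty profile.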

0 Answers