internal API, validatelogin, external login page

[alturic]

Hey guys, I'm using validatelogin (internal api) and while the docs say that it returns userid and hash so you can then set the two session values, it appears as though validatelogin is already setting the session or something? As an example, I have test.php, which strictly does validatesession. It returns successfully, and then if I goto our clientarea.php we're already logged into that client? If I log-out, and refresh clientarea.php we are still logged out, and then if I goto our test page, it validates the user/password combo and then if I go back to clientarea.php the new client is logged in.

 

I was under the impression validatelogin simply returns data and doesn't actually initiate any sessions or anything?

[sentq]

I was under the impression validatelogin simply returns data and doesn't actually initiate any sessions or anything?

yes it will initiate login session while validating login details

[alturic]

yes it will initiate login session while validating login details

 

It seems like everything "works", until you close the browser. Anyway to have a remember me option passed to the internal API to it sets the cookie as well when it starts the session?

[alturic]

Honestly, I think it's something with PHP and sessions. It's writing sessions to the tmp directory for sessions and they work, but remember me isn't working.

 

So at this point, forget any API stuff, going to my install directory and logging in, works. Going to my install directory and logging in with remember me checked, does NOT work when you close the browser and come back.

 

EDIT: Upon further testing, I don't believe it's anything on the server as admin and master client logins all work, and are saved and restored upon browser exit and reopen. It's only the subaccounts that do not "remember me"...

Edited August 15, 2016 by alturic