authentication: SessionAuthenticator `'identify' => true` config does not work

What i did:

$authenticationService->setConfig('identityClass', User::class);
$authenticationService->loadAuthenticator('Authentication.Session', [
    'fields' => [IdentifierInterface::CREDENTIAL_USERNAME => 'email'],
    'identify' => true,
]);
$authenticationService->loadIdentifier('Authentication.Password', [
    'fields' => [
        IdentifierInterface::CREDENTIAL_USERNAME => 'email',
        IdentifierInterface::CREDENTIAL_PASSWORD => 'password',
    ],
    'passwordHasher' => 'Authentication.Default',
    'resolver' => [
        'className' => 'Authentication.Orm',
        'userModel' => UsersTable::class,
        'finder' => 'session',
    ],
]);

After logging in, i manually modified logged user database row and refreshed page and identity in session did not update.

After investigation i have determined that new and updated identity that was indeed fetched from database but this condition resolves to false and this new identity value is never written to session

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (10 by maintainers)

Commits related to this issue

Most upvoted comments

Seems he might be directly accessing the session instead of getting the identity through the request or the authn service.

So don’t do that is the solution.

+1
markstory on Nov 28, 2022

Having the option to set the identity refetched from db to the session does make sense.

+1
ADmad on Nov 27, 2022
Read more comments on GitHub
← authentication: 1.1.3 & SecurityComponent yield "Bad Request".
authentication: Status Code 500 for failed stateless form authentication attempts →