Hey, I’m using the examples provided and simply trying to go back to the same login page after the user is logged in, so if Auth0 has got a user then we don’t hit the login method. I have more code below to run after they have logged in.

The issue I’m having is that after I log in, then log out, the user still appears to be logged in. My steps:
- Log in through `login.php`.
- Directed back to `login.php` and the user’s details are displayed.
- Log out in `logout.php`, get directed to `/`.
- Go to `login.php` and the user’s details are displayed, but I should be getting sent to the login form.
`login.php`

```php
use Auth0\SDK\Auth0;

/** @noinspection PhpUnhandledExceptionInspection */
$auth0 = new Auth0([
    'domain' => AUTH0_DOMAIN,
    'client_id' => AUTH0_CLIENT_ID,
    'client_secret' => AUTH0_CLIENT_SECRET,
    'redirect_uri' => DMS_URL.'/login.php'
]);
// No user in the session yet: send the browser to the Auth0 login page.
if (!$user = $auth0->getUser()) {
    $auth0->login();
}
dd($user);
```
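`logout.php`

```php
use Auth0\SDK\Auth0;

/** @noinspection PhpUnhandledExceptionInspection */
$auth0 = new Auth0([
    'domain' => AUTH0_DOMAIN,
    'client_id' => AUTH0_CLIENT_ID,
    'client_secret' => AUTH0_CLIENT_SECRET,
    'redirect_uri' => DMS_URL.'/'
]);
// Clear the application's local session.
$auth0->logout();
// Then end the session at Auth0; returnTo is URL-encoded because it is a query parameter.
$return_to = DMS_URL.'/';
$logout_url = sprintf('https://%s/v2/logout?client_id=%s&returnTo=%s', AUTH0_DOMAIN, AUTH0_CLIENT_ID, urlencode($return_to));
header('Location: ' . $logout_url);
exit; // stop the script once the redirect header is sent
```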
Edit:
So, after some investigation it appears that even after hitting the logout page, the `$_SESSION['auth0__user']` key isn’t being cleared. Due to the documentation using `getUser()` to distinguish if a user is logged in, it doesn’t make sense for Auth0 to not clear this by default?
Hey there!
I’m not a PHP guy, but maybe our PHP quickstart can be of help here, especially the section about logout:
also this one:
Strangely enough, I’ve just tested this code again this morning and now it appears to be working as expected! Very strange, I will keep those links in mind though, thank you.
Perfect! Glad to hear that!
Hi, turns out this issue is not resolved. I will update my question with what I have found out.
Ahh. Sure, provide more details so we can try to debug it further!
Already added at the bottom of my post.
So basic logout (covered on Auth0-PHP Basic Use) closes the session in your application, but for customers using Single Sign-on (SSO), you also need to close the session at Auth0.
Ref:
https://auth0.com/docs/libraries/auth0-php/using-the-authentication-api-with-auth0-php
- How to log users out of Auth0
https://auth0.com/docs/logout/log-users-out-of-auth0
I have tried this already and it doesn’t appear to work, I can still call `getUser` and return a user after I have hit the logout script.
`logout.php`

```php
use Auth0\SDK\Auth0;

/** @noinspection PhpUnhandledExceptionInspection */
$auth0 = new Auth0([
    'domain' => AUTH0_DOMAIN,
    'client_id' => AUTH0_CLIENT_ID,
    'client_secret' => AUTH0_CLIENT_SECRET,
    'redirect_uri' => "http://{$_SERVER['HTTP_HOST']}/dealer_interface_login.php"
]);
// Clear the application's local session.
$auth0->logout();
// Then end the session at Auth0 (and at the identity provider, via "federated").
$return_to = DMS_URL.'/dealer_interface_login.php';
$logout_url = sprintf('https://%s/v2/logout?client_id=%s&returnTo=%s&federated', AUTH0_DOMAIN, AUTH0_CLIENT_ID, urlencode($return_to));
header('Location: ' . $logout_url);
exit; // stop the script once the redirect header is sent
```
Hi, sorry I just realized I forgot to include my session script as we use regis! So the logout script was attempting to clear a normal PHP session rather than the regis session!
Glad you have found it! Thanks for sharing with the rest of the community forum!
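The cause found at the end of the thread (the logout script cleared a normal PHP session while login used the custom session store) can be reproduced offline. This is an added example, not code from the thread or from Auth0: a PHP CLI simulation in which two temp directories stand in for the two session stores, `logout()` is a hypothetical stand-in for `$auth0->logout()`, and the session id and user value are constructed.

```php
<?php
// Constructed demo for the PHP CLI (not the Auth0 SDK). Directory names,
// session id and user value are made up for illustration.
ini_set('session.use_cookies', '0');  // CLI run: the session id is set by hand
ini_set('session.cache_limiter', ''); // no cache headers in a CLI run
// Stand-in for the shared session script: select the store, then start.
function open_session(string $store, string $sid): void
{
    session_save_path($store);
    session_id($sid);
    session_start();
}

function login(string $store, string $sid): void
{
    open_session($store, $sid);
    $_SESSION['auth0__user'] = ['sub' => 'auth0|constructed-user'];
    session_write_close();
}

// Hypothetical stand-in for $auth0->logout(): clears only the open session.
function logout(string $store, string $sid): void
{
    open_session($store, $sid);
    unset($_SESSION['auth0__user']);
    session_write_close();
}

function is_logged_in(string $store, string $sid): bool
{
    open_session($store, $sid);
    $present = isset($_SESSION['auth0__user']);
    session_write_close();
    return $present;
}

$stores = [];
foreach (['app', 'default'] as $name) {
    $stores[$name] = sys_get_temp_dir() . "/logout_demo_$name";
    is_dir($stores[$name]) || mkdir($stores[$name], 0700, true);
}
$sid = 'constructedsessionid0001';
login($stores['app'], $sid);
logout($stores['default'], $sid);  // logout.php without the session script
$stale = is_logged_in($stores['app'], $sid);
logout($stores['app'], $sid);      // logout.php with the session script
$cleared = !is_logged_in($stores['app'], $sid);
echo 'user still present after first logout: ', var_export($stale, true), PHP_EOL;
echo 'user cleared after second logout: ', var_export($cleared, true), PHP_EOL;
```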