Create New Session Afterlogout

Hi guys

I’m having this problem where I would like to be able to use session data after a user has logged out so that depending on the situation, they are redirected to a certain page. If the session variable exists, they are shown some data, but if they refresh or land on the page by mistake, an CHttpException is thrown.

Basically I have overridden CWebUser and added a parameter to the logout method so that I can create a session variable




public function logout($destroySession=true, $setSessionVar = false)

    {

      ...stuff

      if($destroySession && $setSessionVar) {

                Yii::app()->getSession()->destroy();

                $this->afterLogout($setSessionVar);

            } elseif ($destroySession) {

                Yii::app()->getSession()->destroy();

            }



I have then overridden the afterLogout() method to start a new session if $setSessionVar is true and create the session variable:




public function afterLogout($setSessionVar = false) {

        if ($setSessionVar && ctype_alpha($setSessionVar)) {

            $session=new CHttpSession;

            $session->open();

            Yii::app()->session[$setSessionVar] = true;

        }



However when I call:




logout(true, 'testSession'); 



… and I redirect, the current session array is empty when I var_dump it on the redirected page. However when I var_dump the session inside afterLogout, it is fine. There must be a step somewhere that is clearing the new session data after calling ‘afterLogout()’??

If I set $destroySession=false, it works fine, but I don’t want any of the user’s session data to persist after logout.

Any ideas would be appreciated!

One of the more pressing issues was solved by using beforeLogin() instead.

It was because I was trying to check if the user had verified their account and of course, this should happen before logging in.

I was running this check after logging in previously, which was just silly! :wacko:

Still though, it would nice to be able to display flash messages after logging out.

I could redirect them to a landing page, but really, my code should work??