Brilliant, thanks Teodor. I think I’ve been fixated on building the site without touching code so overlooked some simple coding which I would have normally done anyway. I added a simple
if(isset($_SESSION[‘siteSecurityId’])) {
OUTPUT
}
and it’s working as it should.
You can do this without PHP - just by using dynamic attributes in Wappler.
Thanks again. Is there a tutorial for that? I’ve added a $_SESSION in the Globals section of the server actions and have added the dynamic attribute for ‘hide’ but can’t see how I put in the expression.
You don’t need to add anything in server connect.
The session is being created automatically on log in!
Check my explanation from the last post please:
@Teodor Can you explain how I add the session within Session Manager as you describe please?
Everything I enter is forced to lowercase and the binding doesn’t seem to pick up that I’m logged in.
Thanks in advance.
The session created in the server action (by log in step) is a server session.
The sessions in Session Managee in App Connect is a browser session.
You cannot pick sessions created in the server action with the session manager in app connect, as these are different things.
In order to use the session of the logged user, you can use php code:
Otherwise use a query which provides user details, and if it doesn’t return any, hide the log in button.
Thanks for clarifying.
I find this bit a little confusing. If I knew the user id to query by, then wouldn’t I already know that the user is logged in, or am I missing something here?
What I did was create a user details query to retrieve the details of the logged in user.
I then put in on my SPA index page, so it is called when the page is loaded.
I then referred to it on the SPA child pages by adding it to the show/hide dynamic attributes or server connect data displayed on the page.
It is important to note that with SPAs, any queries on the index page are not currently available in the data picker, so you would need to manually add it in.
So for example on my SPA index page, I have
<dmx-serverconnect id="sc_get_user_details" url="dmxConnect/api/tables/webu_users/public/list/get_user_details.php"></dmx-serverconnect>
On my SPA child page, I have
<p>Hello {{sc_get_user_details.data.query1[0].webu_firstname}} !!</p>
To only show the content on the SPA child page if logged in, you would add a Dynamic Attribute>Show with the {{sc_get_user_details.data.query1[0].webu_firstname}} as the When.
<p dmx-show="{{sc_get_user_details.data.query1[0].webu_firstname}}">Hello {{sc_get_user_details.data.query1[0].webu_firstname}} !!</p>
Check the docs as well:
Thanks, there’s no way I would’ve known this. Have you run into many other “gotyas” while creating a SPA with Wappler?
Just small things that are specific to SPAs. What I would recommend is searching the community with the phrase “SPA” almost anything I have encountered has been posted, but there is always the possibility of something new that has not been considered.
Thanks @Teodor - so what I’m doing at the moment is running a userDetails server action to see if they’re logged in or not, and it works great, except for one thing; when they’re not logged in I obviously get a 401 error in the console. I’ve tried handling it via the Unauthorized Dynamic Event, however, it’s not like I can select a “do nothing” action (I don’t want to do anything if it returns 401). Besides, no matter what I action I pick, the error is still thrown in the console. Eg. If I alert the error (works fine), the exception is still thrown in the browser.
How can I handle this?
So what is it actually doing then?
Well, that’s what is it supposed to do, when there’s no user logged in, the action returns status 401. What is it supposed to return when no user is logged in?
In this case, I have a register page. I’m doing the userDetails check so that if the user is already logged in, I redirect away from the register page. If they’re not logged in, ie. 401, then I want to do nothing (and leave the page render as normal).
Yes, I expect it to do that, but I would no longer expect it to throw an exception in the console if I handle the Unauthorized event (even if its Action is left empty). Ideally I’d like some way of suppressing the exception error in the console.
That’s not possible, the server doesn’t know what you are doing on the front end. It’s PHP code that runs on the server, returns the status and after that the page is rendered in your browser.
So, what’s happening on status 401 now? Isn’t it staying on your page?
Yeah, the rendering is fine thanks. Any other suggestions on how I can accomplish the same thing without throwing exceptions etc.?
In the server action you can check if the user session has a value or not, with a condition step (so without using the security provider step).
This way the response will always be 200.
Unfortunately that’s not ideal as I use the 401 response to show/hide the page content too.
What I mean is that if the user is already logged in and they visit /register, if I just do a redirect, the register page content is visible for a split-second, so I use the 401 to hide the content and then redirect. If they’re not logged in, then it will show the content (but obviously won’t redirect).
Maybe I’m going about it all wrong, I’m not sure.
You can use Set Response step and set whatever status you like in server connect/condition step.