HybridAuth Sessions How HybridAuth store connected users sessions
1. Introduction
When a user login via a given provider, HybridAuth Library creates a login session for the user. By default the session and will stay as long as the current PHP Sessions is still active or until Hybrid_Provider_Adapter::logout() method is called.
When started Hybrid_Auth class will check if a session has been started, if not it will try to initialize session data.
When a user is connected to your application via a given provider using hybridauth, then it should be considered as if he have 3 different sessions:
- The first one is on the provider side
- A session within hybridauth
- And another one within your application
If the first session is interrupted for some reason (if the php sessions expire, or if the user revoke the access given for your application while he still have a session with hybridaut, user disconnect form the provider, etc.) then hybridauth will no longer be able to communicate with the provider api ( Error Codes 6 or 7 ) and in this case we have to use Hybrid_Provider_Adapter::logout() to let hybridauth forget all about the user so we can try to authenticate the user again or to move on to something else.
2. Persistent sessions
If you don't want to bother your users to authorize your application each time, you can use a more persistent way to store HybridAuth data using Hybrid_Auth::getSessionData() and Hybrid_Auth::restoreSessionData().
Hybrid_Auth::getSessionData()should return a serialised array.Hybrid_Auth::restoreSessionData()should take a serialised array as parameter.
You can use thes two functions to store and restore connected users session to persist it for later use and on any backend you are using (databases, files, memcache, etc).
Examples of making persistent sessions
For the sake of this example, let assume we have a user which the id on your application is $current_user_id, and we are going to use a database table to store hybridauth session data.
- When a user want to logout from your application, then we store his hybridauth session on a users connections repository as shown on the Ex1.
- When the user come back later and connect to your application once again, you restore his hybridauth session as shown on the Ex2.
CREATE TABLE `users_connections` ( `user_id` int(11) NOT NULL COMMENT 'refer to your user id on your application', `hybridauth_session` text NOT NULL COMMENT 'will contain the hybridauth session data', `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP ) ENGINE=InnoDB;Ex1: How to grab session data:
<?php
$config = dirname(__FILE__) . '/library/hybridauth.php';
require_once( "library/Hybrid/Auth.php" );
try{
$hybridauth = new Hybrid_Auth( $config );
// authenticate the current user with Twitter
$twitter = $hybridauth->authenticate( "Twitter" );
$facebook = $hybridauth->authenticate( "Facebook" );
$google = $hybridauth->authenticate( "Google" );
/* ... */
// call Hybrid_Auth::getSessionData() to get stored data
$hybridauth_session_data = $hybridauth->getSessionData();
// then store it on your database or something
store_hybridauth_session( $current_user_id, $hybridauth_session_data );
}
catch( Exception $e ){
echo "Ooophs, we got an error: " . $e->getMessage();
}
// define a function to store it on whatever storage you want to use
function store_hybridauth_session( $user_id, $data ){
$sql = "INSERT INTO users_connections ( user_id, hybridauth_session ) VALUES ( $user_id , $data )";
// ..
}
Ex2: How to restore session:
After restoring hybridauth session, you can use Twitter adapter as if we already had authenticated the current user with (Twitter).
<?php
$config = dirname(__FILE__) . '/library/hybridauth.php';
require_once( "library/Hybrid/Auth.php" );
try{
$hybridauth = new Hybrid_Auth( $config );
// get the stored hybridauth data from your storage system
$hybridauth_session_data = get_stored_hybridauth_session( $current_user_id );
// then call Hybrid_Auth::restoreSessionData() to get stored data
$hybridauth->restoreSessionData( $hybridauth_session_data );
// call back an instance of Twitter adapter
$twitter = $hybridauth->getAdapter( "Twitter" );
// regrab te user profile
$user_profile = $twitter->getUserProfile();
// ..
}
catch( Exception $e ){
echo "Ooophs, we got an error: " . $e->getMessage();
}
// define a function to get the stored hybridauth data back from your storage system
function get_stored_hybridauth_session( $user_id ){
$sql = "SELECT FROM users_connections WHERE user_id = $user_id ";
return ...
}