0
Welcome Guest! Login
0 items Join Now

Joomla Security Token Code in Cookie 3.x

Last Post
Search Topic

  • Joomla Security Token Code in Cookie 3.x

    Posted 11 years 6 months ago
    • I posted this question in the Joomla forum. There seem to be a lot of very bright people here and thought I would ask.

      Is it possible to verify a logged in user's assigned access level using the security token in the Joomla user's session cookie? We are using an asp.net application to access an outside database and it would be helpful to know the assigned Joomla user's access level. Is this stored temporarily in the Joomla PHP database or in memory? Any tips on how to relate the cookie to the user's security level will be greatly appreciated.
    #1026344
    • Roeland_A!'s Avatar
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: Joomla Security Token Code in Cookie 3.x

    Posted 11 years 5 months ago
    • Did you check the joomlauser plugin? That tells you part of the story.
                // Authorise the user based on the group information
          if (!isset($options['group'])) {
               $options['group'] = 'USERS';
          }

      The user is logged in and then the database accessed to see what level of access someone has.
      Then session data is saved in the database:
      // Update the user related fields for the Joomla sessions table.
          $db->setQuery(
               'UPDATE '.$db->quoteName('#__session') .
               ' SET '.$db->quoteName('guest').' = '.$db->quote($instance->get('guest')).',' .
               '    '.$db->quoteName('username').' = '.$db->quote($instance->get('username')).',' .
               '    '.$db->quoteName('userid').' = '.(int) $instance->get('id') .
               ' WHERE '.$db->quoteName('session_id').' = '.$db->quote($session->getId())
          );
          $db->execute();
      Maybe that helps you figure it out.
      I am unsure whether the access level is kept in the cookie itself.
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
    #1026413

  • Re: Joomla Security Token Code in Cookie 3.x

    Posted 11 years 5 months ago
    • Thank you for taking the time to reply. Your information was very helpful. Here's is the response we received in the Joomla forum. The access level is not in the cookie, but we can get there from here.

      You get the row of the session table by searching for session_id which matches the value field of the session cookie. You can then use the userid of the session row as an argument to look up from the table user_usergroup_map the group_id of each usergroup the user is a member of.
    #1026646
    • Roeland_A!'s Avatar
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: Joomla Security Token Code in Cookie 3.x

    Posted 11 years 5 months ago
    • You are welcome, thanks for sharing the info!
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
    #1026687

Time to create page: 0.057 seconds