diff --git a/src/Extensions/RememberLoginHashExtension.php b/src/Extensions/RememberLoginHashExtension.php
index 5457031..1b73997 100644
--- a/src/Extensions/RememberLoginHashExtension.php
+++ b/src/Extensions/RememberLoginHashExtension.php
@@ -8,6 +8,7 @@
 use SilverStripe\Security\RememberLoginHash;
 use SilverStripe\SessionManager\Models\LoginSession;
 use SilverStripe\SessionManager\Security\LogInAuthenticationHandler;
+use SilverStripe\SessionManager\Middleware\LoginSessionMiddleware;
 /**
 * @method LoginSession LoginSession()
@@ -33,9 +34,15 @@ protected function onAfterGenerateToken(): void
 }
 /**
+ * Overwrites the core session variable with the LoginSession record ID
+ * during session renewal when the user selects 'remember me' (ALC).
+ * This works in tandem with LoginSessionMiddleware, and avoids the
+ * overhead of an additional DB query.
+ *
+ * @see LoginSessionMiddleware
 * @return void
 */
- protected function onAfterRenewToken(): void
+ protected function onAfterRenewSession(): void
 {
 $loginHandler = Injector::inst()->get(LogInAuthenticationHandler::class);
 $request = Injector::inst()->get(HTTPRequest::class);
diff --git a/src/Middleware/LoginSessionMiddleware.php b/src/Middleware/LoginSessionMiddleware.php
index e036b95..5320c32 100644
--- a/src/Middleware/LoginSessionMiddleware.php
+++ b/src/Middleware/LoginSessionMiddleware.php
@@ -31,6 +31,8 @@ public function process(HTTPRequest $request, callable $delegate)
 }
 try {
+ // Extract the session identifier (when this module is installed, the session identifier is set to the
+ // LoginSession ID rather than the RememberLoginHash ID, to avoid an extra query to get the related model.)
 $loginSessionID = $request->getSession()->get($loginHandler->getSessionVariable());
 $loginSession = LoginSession::get_by_id($loginSessionID);
diff --git a/src/Security/LogInAuthenticationHandler.php b/src/Security/LogInAuthenticationHandler.php
index 055bd4a..5ec2342 100644
--- a/src/Security/LogInAuthenticationHandler.php
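Review bot: Renaming the method to `onAfterRenewSession` ties this code to a framework version that dispatches an extension point with exactly that name; hooks are matched by name, so against a version that only fires `onAfterRenewToken` the method would silently never run. The session variable would then presumably keep the RememberLoginHash ID, which LoginSessionMiddleware reads as a LoginSession ID. No dependency constraint is visible in this diff, so confirm the minimum framework version is raised together with the rename, and state the requirement in the docblock, e.g. `* Requires a framework release that fires onAfterRenewSession; older releases never call this hook.` The method body continues outside the hunk.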
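Review bot: The value read on the `$loginSessionID` line in LoginSessionMiddleware::process() goes straight into `LoginSession::get_by_id()`, although the added comment itself implies the same session key holds a RememberLoginHash ID whenever this module's overwrite has not happened. Both are plain record IDs, so a value that was never overwritten could resolve to an unrelated LoginSession row; the rest of the `try` block is outside the hunk, so it is not visible whether the loaded record is compared with the authenticated member. If it is not, `$loginSession->MemberID` should be checked against the current member's ID before the session is trusted, and the comment should say what happens on a mismatch. The write side in LogInAuthenticationHandler::logIn() has the matching gap: the overwrite sits inside `if ($request)`, while the new comment there describes it as unconditional, so it should read something like `// When a request is available, overwrite the session identifier with the LoginSession ID.`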
+++ b/src/Security/LogInAuthenticationHandler.php
@@ -100,6 +100,8 @@ public function logIn(Member $member, $persistent = false, ?HTTPRequest $request
 $rememberLoginHash->write();
 }
+ // Overwrite the session identifier, storing the LoginSession ID instead of the RememberLoginHash ID.
+ // This is read by LoginSessionMiddleware, and avoids an extra query to fetch the related model.
 if ($request) {
 $request->getSession()->set($this->getSessionVariable(), $loginSession->ID);
 }