Sessions and route configuration

I have implemented the code in this section (link removed)

Everything appears to be working except that it hangs and crashes on logout.

I changed the below and this appears to have fixed it.
Is my thinking correct?

I.e. for the src/Action/Auth/LogoutAction.php I changed the following code.

           // Redirect back to the login page
           $url = $routeParser->urlFor('login');
        //   return $response->withStatus(302)->withHeader('Location', $url);  <<<
       return $response->withStatus(302)->withHeader('Location', '/');  <<<

Possibly there is more to the code above that I am missing. Thanks.

I’m finding it a bit challenging to fully understand your specific issue. To provide the best possible assistance, could you please provide a bit more detail? For instance:

  1. Specific Details of the Problem: Can you describe the exact problem you’re facing with Slim? Any error messages or unexpected behavior you’re encountering would be really helpful to know.
  2. Code Snippets: If possible, could you share a snippet of the code where the issue is occurring? This will help in identifying any syntax or logical errors.
  3. Expected vs. Actual Behavior: What is the result you are expecting, and how does it differ from what you’re currently experiencing?
  4. Environment Details: Information about your development environment such as any relevant dependencies / packages could be crucial.
  5. Steps to Reproduce: If there are specific steps that lead to the problem, listing them can be very useful.

Hi there odan.
My apologies.

Let me try again with more detail.
I am looking at your book: (link removed)
The section is reproduced below

At the bottom of the code this is found:

           $url = $routeParser->urlFor('login');
        //   return $response->withStatus(302)->withHeader('Location', $url);  <<<
       return $response->withStatus(302)->withHeader('Location', '/');  <<<

Problem detected:

When I do not comment out
// return $response->withStatus(302)->withHeader('Location', $url);

and enter /logout into the url the page hangs and then crashes.
I bypassed this by replacing $url with a link back to ‘/’. Now it works.

I was just wondering if this is the correct way to handle this. I.e. possibly I am missing why $url is is used.

I want to show a simple login/logout mechanism to demonstrate the session and flash message handling.

File src/Action/Auth/LoginSubmitAction.php


namespace App\Action\Auth;

use Odan\Session\SessionInterface;
use Odan\Session\SessionManagerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Routing\RouteContext;

final class LoginSubmitAction
    private SessionInterface $session;
    private SessionManagerInterface $sessionManager;

    public function __construct(
        SessionInterface $session,
        SessionManagerInterface $sessionManager,
    ) {
        $this->session = $session;
        $this->sessionManager = $sessionManager;

    public function __invoke(
        ServerRequestInterface $request,
        ResponseInterface $response
    ): ResponseInterface {
        $data = (array)$request->getParsedBody();
        $username = (string)($data['username'] ?? '');
        $password = (string)($data['password'] ?? '');

        // Pseudo example
        // Check user credentials. 
        // You may use an application/domain service and the database here.
        $user = null;
        if($username === 'admin' && $password === 'secret') {
            $user = 'admin';

        // Clear all flash messages
        $flash = $this->session->getFlash();

        // Get RouteParser from request to generate the urls
        $routeParser = RouteContext::fromRequest($request)->getRouteParser();

        if ($user) {
            // Login successfully
            // Clears all session data and regenerate session ID

            $this->session->set('user', $user);
            $flash->add('success', 'Login successfully');

            // Redirect to protected page
            $url = $routeParser->urlFor('users');
        } else {
            $flash->add('error', 'Login failed!');

            // Redirect back to the login page
            $url = $routeParser->urlFor('login');

        return $response->withStatus(302)->withHeader('Location', $url);

Note that the route names “users” and “login” are just an example, that must be changed according to your specific route name.

Ensure that the route names “login” and “users” are correctly defined in your application. If these routes are not defined, attempting to generate a URL for them using $routeParser->urlFor('route-name') will result in an exception. If your application uses different names for these routes, you should replace “login” and “users” with the appropriate route names.

When you mention “it crashes,” it’s important to understand what kind of error or exception is occurring. An error message or log can provide significant insights into what’s going wrong. Check your application logs or enable error reporting to capture the exact error message.

If there’s middleware that is incorrectly handling requests and causing redirect loops. Redirect loops occur when a request is continuously redirected between two or more pages, which can eventually crash the browser. This can happen if your authentication or authorization middleware redirects to a page, which then redirects back to the original request, creating an endless loop.