Kohana auth counting get_user as a login?

Question

I am messing about with KO3 and the auth module, I have logins working quite well, but I have noticed that every time I refresh the page the login count for my user increments.

I am pretty sure it is coming from this section.

// Check if logged in
if ($this->auth->logged_in())
{
    // Pass user to view
    $this->view->user = $this->auth->get_user(); // Here?
}
else
{
    // Attempt auto login
    $this->auth->auto_login();

    // Check if logged in
    if ($this->auth->logged_in())
    {
        // Pass user to view
        $this->view->user = $this->auth->get_user();
    }
}

Now I am pretty sure it is the line where I pass the users object to the view. The line commented with // Here?.

I just wondered why this would increment the logins. I have checked out the source and all it is doing is reading the session variables.

EDIT

I thought I had this fixed after I had it explained to me. Apparently not. I am not pretty sure it is down to sessions, I have tried using the cookie and session classes from the GitHub repo but that made no difference.

I am not sure where to begin debugging this.

Answer 1

You're overseeing the fact that your whole else block is ambigous, because a single call to Auth_ORM::logged_in() causes the following:

Auth_ORM::logged_in() 
-> Auth_ORM::get_user() 
-> Auth_ORM::auto_login()
-> Auth_ORM::complete_login()
-> Model_Auth_User::complete_login()

So your code would practically do the same looking like this:

// Check if logged in
if ($this->auth->logged_in())
{
    // Pass user to view
    $this->view->user = $this->auth->get_user();
}

And Model_Auth_User::complete_login() is where the logins count gets incremented.

Your problem is that Auth_ORM::auto_login() is always called (either because of a PEBKAC or your session isn't ok), setting a new token instead of saving the user object into session.