VK auth unexpected values in DB


Founder license
License owner
▶🚶‍Reproduction steps
  1. Open phpMyAdmin
  2. SELECT * FROM `chv_logins` WHERE `login_type` = 'vk'
😢Unexpected result

`login_secret` have unexpected values
Are you sure what VK auth functions has no errors?



Phoenix Foto Service
Beta tester
The same applies to a login with Google.
A value is entered in the Facebook login.
But what it is all about I can not say, can only say that there have been no complaints so far that a login does not work.
Most likely, the login for some services will be compared directly so that there is no value in the database.



Chevereto Developer
Chevereto Staff
Hey @Wink

For Chevereto versions < 3.14, the login is made using $_SESSION and the cookies are used only as a token for setting the session variable. This means that the token array values don't matter, because these are required to re-connect to the social network. You can notice this when trying to login the same account from two different clients (browsers, computers, devices, etc) and you will see that only one session will be available at the same time, this is because each time you login doing social login it refresh everything, making old KEEP_LOGIN_SOCIAL cookie obsolete.

Starting from Chevereto 3.14 this system changes, and the actual tokens are now stored as these are used to skip the connection grant/access window and all the login is now cookie based, not PHP session. Besides from having more control and allow faster login, it allows to have multiple login sessions active and control login remotely as each login token exists as a row in the login table.

What I described above is already working in the demo, and the beta for this release should be available today.