Skip to content

Commit cd6d35c

Browse files
datamwebdatamweb
committed
docs: add use session filter
1 parent 3807340 commit cd6d35c

File tree

1 file changed

+14
-3
lines changed

1 file changed

+14
-3
lines changed

docs/install.md

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,12 @@
44
- [Requirements](#requirements)
55
- [Composer Installation](#composer-installation)
66
- [Troubleshooting](#troubleshooting)
7+
- [IMPORTANT: composer error](#important-composer-error)
78
- [Initial Setup](#initial-setup)
89
- [Command Setup](#command-setup)
910
- [Manual Setup](#manual-setup)
1011
- [Controller Filters](#controller-filters)
12+
- [Protect All Pages](#protect-all-pages)
1113
- [Rate Limiting](#rate-limiting)
1214

1315
These instructions assume that you have already [installed the CodeIgniter 4 app starter](https://codeigniter.com/user_guide/installation/installing_composer.html) as the basis for your new project, set up your `.env` file, and created a database that you can access via the Spark CLI script.
@@ -140,8 +142,19 @@ use to protect your routes, `session`, `tokens`, and `chained`. The first two co
140142
to see if the user is logged in through either of authenticators, allowing a single API endpoint to
141143
work for both an SPA using session auth, and a mobile app using access tokens. The fourth, `auth-rates`,
142144
provides a good basis for rate limiting of auth-related routes.
145+
These can be used in any of the [normal filter config settings](https://codeigniter4.github.io/CodeIgniter4/incoming/filters.html#globals), or [within the routes file](https://codeigniter.com/user_guide/incoming/routing.html#applying-filters).
143146

144-
These filters are already loaded for you by the registrar class located at `src/Config/Registrar.php`.
147+
### Protect All Pages
148+
149+
If you want to limit all routes (e.g. `localhost:8080/admin`, `localhost:8080/panel` and ...), you need to add the following code in the `app\Config\Filters.php` file.
150+
151+
```php
152+
public $filters = [
153+
'session' => ['except' => ['login*', '/register*']],
154+
];
155+
```
156+
157+
> **Note** These filters are already loaded for you by the registrar class located at `src/Config/Registrar.php`.
145158
146159
```php
147160
public $aliases = [
@@ -153,8 +166,6 @@ public $aliases = [
153166
];
154167
```
155168

156-
These can be used in any of the normal filter config settings, or within the routes file.
157-
158169
### Rate Limiting
159170

160171
To help protect your authentication forms from being spammed by bots, it is recommended that you use

0 commit comments

Comments
 (0)