Magento: Detect if admin is logged in in frontend pages

Question

I have created a magento extension. I want to implement access to the extension. The extension creates a page in frontend and i want only admin to access that page. So basically

Answer 1

The key to be able to use:

// Ensure we're in the admin session namespace for checking the admin user..
Mage::getSingleton('core/session', array('name' => 'adminhtml'))->start();

$admin_logged_in = Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn();

// ..get back to the original.
Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();

is that the controller must extends Mage_Adminhtml_Controller_Action

than you can use this code in the preDispatch function.

And setup the routers for this controller in the admin section of your config.xml.

Answer 2

Check this blog, I think you need not check with start() before checking with isLoggedIn().

Mage::getSingleton('core/session', array('name'=>'adminhtml')); // get sessions

$check = Mage::getSingleton('admin/session', array('name'=>'adminhtml')); //get admin sessions

    if($check->isLoggedIn()) { //check is admin logged in
        echo "Admin is logged in";
    } else {
        echo "Admin is offline";
    }

Answer 3

It is quite simple but not a recommended solution. I myself spend number of hours to do this. For, windows based server try below solution:

$sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
$sessionFile     = file_get_contents($sessionFilePath); 
$exp_cookie   = explode(';',$sessionFile);
if(count($exp_cookie)   >   100)
{
  return "login";
}
return "expire";    

For, Linux based server try below solution:

$sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
$sessionFile     = file_get_contents($sessionFilePath); 
$exp_cookie   = explode('--',$sessionFile)
if(count($exp_cookie)   >   10)
{
  return "login";
}
return "expire";

Thanks, Kashif

Answer 4

Christoph Peters posted a link which solved my problem (Detect if admin is logged in in frontend pages):

//check if adminhtml cookie is set
if(array_key_exists('adminhtml', $_COOKIE)){
   //get session path and add dir seperator and content field of cookie as data name with magento "sess_" prefix
   $sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
   //write content of file in var
   $sessionFile = file_get_contents($sessionFilePath);

   //save old session
   $oldSession = $_SESSION;
   //decode adminhtml session
   session_decode($sessionFile);
   //save session data from $_SESSION
   $adminSessionData = $_SESSION;
   //set old session back to current session
   $_SESSION = $oldSession;

   if(array_key_exists('user', $adminSessionData['admin'])){
      //save Mage_Admin_Model_User object in var
      $adminUserObj = $adminSessionData['admin']['user'];
      echo 'ADMIN USER IS LOGGED IN';
   }
   else
   {
      echo 'ADMIN USER IS NOT LOGGED IN'
   }
}

Thank you very much Christoph Peters!

Answer 5

If you're trying to make it work within the template / phtml files, and/or inside the Block's class you're going to have a hard time. Mainly because magento (aggressively) caches your PHTML blocks for performance purposes thus undoing any program flow control statements you have especially stuff related with cookie checking. I have no direct / lengthy / indepth explanation why but that's just how I've encountered it over and over again.

However, your solution should be correct, but you need to do the check within a controller's preDispatch method like so to avoid the aformentioned aggressive caches since controllers are never cached. (shown in Nick's solution in the question that you linked.):

// Ensure we're in the admin session namespace for checking the admin user..
Mage::getSingleton('core/session', array('name' => 'adminhtml'))->start();

$admin_logged_in = Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn();

// ..get back to the original.
Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();

IF you really do need to perform the above checks inside PHTML files or named blocks, check out the following code on how to turn off block-level caching and possibly make it work. What I did before was disable caching for the footer block (in which the child block, not phtml, contains code to check
for a specific cookie)

First off, the block call (found in your local.xml, or module layout update xml, or anywhere you can do layout updates, really. I prefer breaking up my customizations into modules so definitely module layout update xml is the way to go):

<reference name="footer">      
   <action method="unsetData"><key>cache_lifetime</key></action>
   <action method="unsetData"><key>cache_tags</key></action>
   <block type="newsletterpopup/popup" name="newsletterpopup_footer" template="newsletterpopup/popup.phtml"/>
</reference>

And this is the newsletterpopup's block class:

<?php
class Launchpad_Newsletterpopup_Block_Popup extends Mage_Core_Block_Template {
    public function canRender() {
         // Check if cookie exists here       
    }
    public function afterRender() { // if block has rendered, this is called.
        // Set cookie, if it doesn't exist here.
    }
}

And the phtml would be something like:

<?php if($this->canRender()): ?>
   // stuff
<?php endif; ?>

Good luck!

Answer 6

Here is a solution this works with Magento 1.7.0.2 (tested) and on each frontend site, I use this in an controller not extending from Mage_Adminhtml_Controller_Action.

https://peters-christoph.de/tutorials/magento-pruefe-admin-session-logi-im-frontend/