I had a script that was previously working (a year or two ago) that was able to receive a request in the web context and authenticate the user into a different context, then forward them to a restricted resource. Not sure what’s changed in the last couple releases, but this no longer works. Is this still possible?
$modx->user = $modx->getObject('modUser', array('username' => 'myusername' )); $modx->user->addSessionContext('key');
and I’ve tried:
$login = $modx->runProcessor('security/login', array( 'username' => 'myuser', 'password' => 'password', 'addContexts' => 'key' ));
Both these options create a session token and return true for $modx->user->isAuthenticated(‘key’) but when I actually visit the context I’m still shown the login form and can’t access the restricted resource.
Yes, I have verified that the username in question is part of the correct user group with the right permissions, I’m able to access the documents I need to when I’ve logged in via the login form.
The script also works just fine if I use it in the context in question, but it doesn’t work from outside the context.
Any thoughts on what’s changed that would prevent this? Very frustrating. Worst case, I can run the script on all the contexts in my instance, but I really wanted it to be context gnostic and run from a single URL within the web context.
Any help would be appreciated.
Site is running on MODX Cloud, version 2.7.2, PHP 7.1