phalcon 3.1 logs out when klicking on link

i noticed a weird behaviour after creating an usual link and klicking on it. it's just a simple link from one controller-page to the other but sometimes (not each time!) when i klick the link the user gets logged out and therefore the page can not be displayed (Unauthorized You don't have access to this option. Contact an administrator). i have no idea what causes this random error as everything seems to be made correct programmatically.

so, before the link is clicked the user is always logged in with the correct role. after clicking on this link, sometimes he gets logged out and changes from authenticated role to role "guest" and therefore the page can not be displayed.

the link in the volt-page looks like this: <a href="http://localhost:8080/resort/snowropeway/details/{{plant.UID}}">{{plant.PlantName}}</a>

Idk, you didn't provided enough information, debug it with xdebug.

edited 11d ago

Idk, you didn't provided enough information, debug it with xdebug.

i dont't know what more information is needed. it's just a simple link and the user gets randomly logged out when clicking on it. the error message in den Apache 2.4 log file maybe is interesting:

"PHP Warning: session_destroy(): Session object destruction failed"

to make things more "mysterious" this weird behaviour is happending as well: when adding just an "echo" control output in the "beforeDispatch" method (in case the role is not accepted to access the resource) the error ist gone!

    i$allowed = $acl->isAllowed($role, $controller, $action);
    if (!$allowed) {
                 echo "<br>before dispatch - role: " . $role . " not allowed"; exit;
                 return true;
        $dispatcher->forward(array(
            'controller' => 'errors',
            'action'     => 'show401'
        ));
                    $this->session->destroy();
        return false;
    } else {
                echo "<br>ACCESS ALLOWED";
            }

so this echo (which is never reached as the "allowed" is alway true) leads to the error be gone. when i remove the echo the "allowed" results randomly in beeing false! completely unlogical behaviour!

edited 11d ago

You didn't provided any code. Session_destory? When you use phalcon session adapters you don't need any session_start/session_destroy etc, you sure you have added session service and started it(that's necessary, by default phalcon have session service in DI but it's not started by default)?

Just try to debug it with xdebug and find root of cause, never had problems like that really. Well i had once - i have in my app ip - session checking, maybe you use some vpn which is changing your ip?