I've done something wrong. :)
I have a ControllerBase that almost all my Controllers extend. In it's initialize(), it contains a check for $this->session->get('userId') which was set when they logged in. If it's empty, it kicks them to a logout() in the ControllerBase to force them to the login screen.This seems to work everywhere except one controller, but I'm not sure it isn't just working most of the time.
In one Controller, the WikiController, it doesn't want to work. I confirmed it IS firing the logout() when WikiController functions are called, by putting in a die('here'); . But it proceeds to fire the subsequent code in WIkiController which involves some model functions/MySQL. The SQL fails because the info from the userId is necessary, and I get some error output from phalcon like it never tried to log them out.
My intention was to have the inherited function from ControllerBase always check to see that a userId existed in the session, then log them out if not.