I built a custom Magento module that generates a frontend page. I need to restrict access so only administrators can view this page. I’m looking for a way to check if an admin user is currently authenticated when they visit frontend pages.
I’ve tested different approaches but none of them work properly:
// First attempt
if(Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn()) {
echo 'admin authenticated';
} else {
echo 'admin not authenticated';
}
// Second approach
Mage::getSingleton('core/session', array('name'=>'adminhtml'));
$backendSession = Mage::getSingleton('admin/session');
$backendSession->start();
if ($backendSession->isLoggedIn()) {
echo 'admin authenticated';
}
What’s the correct method to detect admin login status on frontend pages?
The issue stems from session isolation between frontend and backend in Magento. When accessing frontend pages, the adminhtml session context isn’t automatically available. I encountered this exact problem when building a custom reporting module. The solution requires explicitly initializing the admin session with proper configuration before verification. Use Mage::getSingleton('admin/session')->start('adminhtml') to establish the session context, then call isLoggedIn(). Additionally, ensure your frontend controller extends the appropriate base class and implements proper session handling. Consider also checking session lifetime settings in your admin configuration, as expired sessions will fail authentication even if the admin was previously logged in.
you need to check the adminhtml session properly. try this: $session = Mage::getSingleton('admin/session')->setSessionNamespace('adminhtml'); if($session->isLoggedIn()) { //admin logged in } the key is setting the correct namespace before checking login status. worked for me on similar frontend restriction.
hmm interesting issue! have you tried using Mage::getSingleton('admin/session')->getUser() instead? i’m curious if that returns null for non-authenticated admins. also what happens if you check the session id directly - does it even exist on frontend? wondering if there’s a cross-domain cookie issue here too?