Auth Timeout Issues with CakePHP

This really bothers me, and has for many years. No matter what I do with core.php or php.ini, my logins usually time out after about an hour. Some deployments with identical code and configuration time out after a decent amount of time.

This is what I have at the moment on one site, which times out after about an hour:

    session.gc_divisor 1000
    session.gc_maxlifetime 86400
    session.gc_probability 1

    Configure::write('Session.timeout', '28800');
    Configure::write('Session.checkAgent', false);
    Configure::write('Security.level', 'medium');

And the other - lasted all night:

    session.gc_divisor 100
    session.gc_maxlifetime 14400
    session.gc_probability 0

    Configure::write('Session.timeout', '315360000');
    Configure::write('Session.checkAgent', false);
    Configure::write('Security.level', 'medium');

Now, before you get excited and say, "Well, the answer is Session.timeout," let me tell you that this site usually expires in twenty minutes!

+4
php timeout session cakephp
3 answers

Somewhere I read that on shared hosting, other applications can reset the session by clearing the php-specific session directory. This was mentioned by Rolf in his answer.

CakePHP offers the ability to customize how sessions are handled. In core.php I changed this to 'cake' (the default is 'php'):

    /**
     * The preferred session handling method. Valid values:
     *
     * 'php'      Uses settings defined in your php.ini.
     * 'cake'     Saves session files in CakePHP /tmp directory.
     * 'database' Uses CakePHP database sessions.
     */
    Configure::write('Session.save', 'cake');

I also made sure that the session timeout and the corresponding php.ini values are the same:

    /**
     * Session time out time (in seconds).
     * Actual value depends on 'Security.level' setting.
     */
    Configure::write('Session.timeout', '86400');

Until the system logs out.

+4

I don't think this is specific to Cake; I have seen it when no frameworks were involved. It is most likely a problem with PHP configuration settings.

Things you should check / do to fix the problem:

  • Specify a dedicated path for storing sessions in session.save_path, if you have not already done so. Do not store them in /tmp - some other process may come along and destroy them for you.

  • Make sure (and I mean really make sure) that the value of session.gc_maxlifetime is what you think it is (86400 if you want your logins to time out after 24 hours of inactivity, etc.). The same goes for session.gc_divisor and session.gc_probability. Even though the PHP manual says that session settings can be set at any level, depending on the quirks of your PHP build (they are all a bit buggy in their own subtle ways :)), you may find that they do not actually take effect unless they are set in the global php.ini file rather than in code, .htaccess, etc. Just output them in your actual application to make sure they apply.

  • Also, depending on your environment, check whether the PHP CLI build uses the same php.ini file as the default PHP build. If the CLI build uses a different configuration file and you have cron jobs using the CLI build, the cron job scripts can invoke the session cleanup procedure.

+2
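
The check suggested in the answer above (output the settings from inside the running application, and compare the web and CLI builds), as an added example that is not part of the original thread. The report layout and warning texts are this example's own; it assumes the default file-based session handler.

```php
<?php
// Added example (not from the thread): show the session settings this SAPI really uses.

function session_config_report(): array
{
    $probability = (int) ini_get('session.gc_probability');
    $divisor     = (int) ini_get('session.gc_divisor');

    // save_path can be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir   = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir(); // the files handler falls back to the temp dir
    }

    $warnings = [];
    if (in_array(rtrim($dir, '/'), ['/tmp', '/var/tmp'], true)) {
        $warnings[] = "session files live in shared temp directory $dir";
    }
    // World-writable without the sticky bit: any local user can delete the files.
    if (is_dir($dir) && (fileperms($dir) & 0002) && !(fileperms($dir) & 01000)) {
        $warnings[] = "$dir is world-writable without the sticky bit";
    }
    if ($probability === 0) {
        $warnings[] = 'gc_probability is 0: PHP never starts GC here, cleanup comes from elsewhere';
    }
    if (session_get_cookie_params()['path'] === '/') {
        $warnings[] = 'cookie path is "/": the cookie is sent to every app on this host';
    }

    return [
        'sapi'           => PHP_SAPI,
        'php.ini'        => php_ini_loaded_file() ?: '(none loaded)',
        'handler'        => ini_get('session.save_handler'),
        'save_dir'       => $dir,
        'gc_maxlifetime' => (int) ini_get('session.gc_maxlifetime'),
        'gc_chance'      => "$probability/$divisor per session start",
        'session.name'   => session_name(),
        'warnings'       => $warnings,
    ];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (session_config_report() as $key => $value) {
    echo str_pad($key, 16), is_array($value) ? implode("\n" . str_repeat(' ', 16), $value) : $value, "\n";
}
```

Run it once through the web server and once with the CLI binary, then compare the two reports line by line; remove it from the web root afterwards, since it discloses server paths.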

If you have many CakePHP applications on the same server, this may be the cause of your problems. Do not forget:

  • Use a different prefix for each application ($prefix in core.php).
  • Change the name of each cookie path:

     Configure::write('Session', array(
         'defaults' => 'php',
         'timeout' => 4320,
         'ini' => array(
             'session.cookie_path' => '/name_app', // this for each app
         )
     ));
+1