Geek Answers Handbook

CakePHP Continues to Log Out

I recently made three Cake apps, and all three shared this issue. The configuration is mostly stock, and I use this as session parameters.

Configure::write('Session', array( 'defaults' => 'php', 'cookie' => 'test' ));

After many searches, everyone just says that the security level is too high, but I never changed this value, it is:

 Configure::write('Security.level', 'medium');

Change I also tried with a low degree of security and no change.

I use only basic auth to check if the user is logged in.

After logging into the cookie, three hours will expire and the expiration date will not be updated until I log in again, is this normal?

It seems that I do not replicate the problem at all, sometimes I log in and the very next click will log out again, and in other cases it will last some time.

I use Chrome on Windows 7 and there is no AJAX on the site.

Any ideas? Thanks.

+7
source share
4 answers

Do you use Ajax. Is the problem only in IE?

IE uses a different browser agent string to call Ajax to the browser itself. For added security, Cake checks the browser agent and, in the case of IE, considers another browser to try to hijack the session because the agent is different.

You can disable this check with:

 Configure::write('Session.checkAgent', false);
+5
source

After doing the same problem, I found that it was caused by the value of Session.cookieTimeout. Although the php session is still valid, the session cookie expiration date is not updated.

Now this is my session configuration

 Configure::write('Session', array( 'defaults' => 'php', 'timeout' => 30, // The session will timeout after 30 minutes of inactivity 'cookieTimeout' => 1440, // The session cookie will live for at most 24 hours, this does not effect session timeouts 'checkAgent' => false, 'autoRegenerate' => true, // causes the session expiration time to reset on each page load ));
+1
source

You are not the only one having problems with CakePHP sessions in the Chrome browser.

Pixelastic affiliate encoder offers the following fix , quote:

Just create a file called session_custom.php in app/config/ , leave the following lines in it:

 // Killing this config that was causing so much trouble with Chrome ini_set('session.referer_check', ''); // No session id in url ini_set('session.use_trans_sid', 0); // Using custom cookie name instead of PHPSESSID ini_set('session.name', Configure::read('Session.cookie')); // Cookie like time, depending on security level ini_set('session.cookie_lifetime', $this->cookieLifeTime); // Cookie path ini_set('session.cookie_path', $this->path);

Then set Configure::write('Session.save', 'session_custom'); to your core.php file.

0
source

the problem is the sessions:

First check ur 'phpinfo ();'

check if sessions are file based.

if yes, complete the process.

create a new script file (php) that contains only this code: <?php var_dump(session_save_path());?>

run it if you get an empty or empty string, then go to this process:

  • first create a directory in the root folder named "xyz" or whatever you want.
  • make it writable, i.e. chmod 777 .
  • go to the script where you start the sessions, and before starting the sessions change your_session_save_path to the newly created directory. i.e.: session_save_path('pathToxyz');

and then you are done.

if in case the sessions are set as memory: no configuration is required. they just use system memory. in this case you would never run into this problem.

0
source

More articles:


All Articles