Monday, November 3, 2008

Re: Before filter, the session falls

There have been scattered reports from people experiencing
unpredictable loss of sessions.
I have noticed this myself at times.

What I understood about it was that the problem stems from the level
of security set in Cake's config. When it is set "too high" you can
accidentally be caught "hacking your own app" so to speak. The phrase
"too high" is definitely poorly chosen and should not be taken to mean
that most of us should lower our default security settings.

An example of what can happen: You have a page doing periodical ajax
calls. You click a link during the time Cake is processing one of
these ajax calls. Your request will be "parallel" with the ajax call
and therefore caught in the security check. Or at least something
roughly like this. I have not had a detailed look inside Cake's
security and session classes.

I have also noticed this happening when uploading files and doing 2-3
redirects after each other. Those are unfortunately hard to reproduce
at will.

/Martin

On Nov 3, 10:08 am, mcphisto <mcphisto1...@gmail.com> wrote:
> Well,
> I've a big big problem with two applications of mine. I use an
> authentication method made with before filter.
> The problem is that, after a login it works correctly. Then, without a
> reason, the application seems to lose the session and brings me back
> to the login form. For this reason, I really can't understand what
> happens and when. Is there a way to produce a log for the application?
> Or otherwise, how can I understand what happens?  That's the code in
> app_controller.php:
>
> function checkSession()
>     {
>         // If the session info hasn't been set...
>         if (!$this->Session->check('Dealer'))
>         {
>             // Force the user to login
>             $this->redirect('/dealers/login');
>             exit();
>         }
>     }
>
> And this in dealer_controller.php
>
> function login()
>     {
>         // Don't show the error message if no data has been submitted.
>         $this->set('error', false);
>
>         // If a user has submitted form data:
>         if (!empty($this->data))
>         {
>             // First, let's see if there are any users in the database
>             // with the username supplied by the user using the form:
>
>             $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);
>
>             // At this point, $someone is full of user data, or it's empty.
>             // Let's compare the form-submitted password with the one in
>             // the database.
>
>             if (!empty($someone['Dealer']['username']) &&
>                 $someone['Dealer']['password'] == $this->data['Dealer']['password'])
>             {
>                 // Note: hopefully your password in the DB is hashed,
>                 // so your comparison might look more like:
>                 // md5($this->data['User']['password']) == ...
>
>                 // This means they were the same. We can now build some basic
>                 // session information to remember this user as 'logged-in'.
>
>                 $this->Session->write('Dealer', $someone['Dealer']);
>
>                 // Now that we have them stored in a session, forward them on
>                 // to a landing page for the application.
>
>                 $this->redirect('/customers/index_search');
>             }
>             // Else, they supplied incorrect data:
>             else
>             {
>                 // Remember the $error var in the view? Let's set that to true:
>                 $this->set('error', true);
>             }
>         }
>     }
>
>     function logout()
>     {
>         // Redirect users to this action if they click on a Logout button.
>         // All we need to do here is trash the session information:
>
>         $this->Session->delete('Dealer');
>
>         // And we should probably forward them somewhere, too...
>
>         $this->redirect('/dealers/login');
>     }