Monday, November 3, 2008

Re: Before filter, the session falls

You could probably look at this http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/

On Nov 3, 7:44 pm, "martin.westin...@gmail.com"
<martin.westin...@gmail.com> wrote:
> There have been scattered reports from people experiencing
> unpredictable loss of sessions.
> I have noticed this myself at times.
>
> What I understood about it was that the problem stems from the level
> of security set in Cake's config. When it is set "too high" you can
> accidentally be caught "hacking your own app" so to speak. The phrase
> "too high" is definitely poorly chosen and should not be taken to mean
> that most of us should lower our default security settings.
>
> An example of what can happen: You have a page doing periodical ajax
> calls. You click a link during the time Cake is processing one of
> these ajax calls. Your request will be "parallel" with the ajax call
> and therefore caught in the security check. Or at least something
> roughly like this. I have not had a detailed look inside Cake's
> security and session classes.
>
> I have also noticed this happening when uploading files and doing 2-3
> redirects after each other. Those are unfortunately hard to reproduce
> at will.
>
> /Martin
>
> On Nov 3, 10:08 am, mcphisto <mcphisto1...@gmail.com> wrote:
>
> > Well,
> > I've a big big problem with two applications of mine. I use an
> > authentication method made with before filter.
> > The problem is that, after a login it works correctly. Then, without a
> > reason, the application seems to lose the session and brings me back
> > to the login form. For this reason, I really can't understand what
> > happens and when. Is there a way to produce a log for the application?
> > Or otherwise, how can I understand what happens? That's the code in
> > app_controller.php:
>
> > function checkSession()
> > {
> >     // If the session info hasn't been set...
> >     if (!$this->Session->check('Dealer'))
> >     {
> >         // Force the user to login
> >         $this->redirect('/dealers/login');
> >         exit();
> >     }
> > }
>
> > And this in dealer_controller.php
>
> > function login()
> > {
> >     // Don't show the error message if no data has been submitted.
> >     $this->set('error', false);
> >
> >     // If a user has submitted form data:
> >     if (!empty($this->data))
> >     {
> >         // First, let's see if there are any users in the database
> >         // with the username supplied by the user using the form:
> >         $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);
> >
> >         // At this point, $someone is full of user data, or it's empty.
> >         // Let's compare the form-submitted password with the one in
> >         // the database.
> >         if (!empty($someone['Dealer']['username']) &&
> >             $someone['Dealer']['password'] == $this->data['Dealer']['password'])
> >         {
> >             // Note: hopefully your password in the DB is hashed,
> >             // so your comparison might look more like:
> >             // md5($this->data['User']['password']) == ...
> >
> >             // This means they were the same. We can now build some basic
> >             // session information to remember this user as 'logged-in'.
> >             $this->Session->write('Dealer', $someone['Dealer']);
> >
> >             // Now that we have them stored in a session, forward them on
> >             // to a landing page for the application.
> >             $this->redirect('/customers/index_search');
> >         }
> >         // Else, they supplied incorrect data:
> >         else
> >         {
> >             // Remember the $error var in the view? Let's set that to true:
> >             $this->set('error', true);
> >         }
> >     }
> > }
> >
> > function logout()
> > {
> >     // Redirect users to this action if they click on a Logout button.
> >     // All we need to do here is trash the session information:
> >     $this->Session->delete('Dealer');
> >
> >     // And we should probably forward them somewhere, too...
> >     $this->redirect('/dealers/login');
> > }
You received this message because you are subscribed to the Google Groups "CakePHP" group.
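A diagnostic variant of the checkSession() filter from the thread, added here as an example and not code from the thread or from CakePHP itself. It assumes CakePHP 1.2 with the Session and RequestHandler components, the 'Dealer' session key used above, and a hypothetical $publicActions list; it logs the session id, whether the request was AJAX, and the action on every bounce, because CakePHP 1.2 regenerates the session id on each request when Security.level is 'high', so an overlapping request (the periodic AJAX calls Martin describes) can arrive with a stale id and look logged out.

```php
<?php
// Added example (not from the thread or from CakePHP): an app_controller.php
// whose session check logs why a request was bounced, so unexplained logouts
// can be traced in app/tmp/logs/debug.log. Assumes CakePHP 1.2 and the
// 'Dealer' session key from the thread; $publicActions is a hypothetical list.
class AppController extends Controller {
    var $components = array('Session', 'RequestHandler');

    // Actions reachable without a session (otherwise login would redirect to itself).
    var $publicActions = array('dealers' => array('login', 'logout'));

    function beforeFilter() {
        if (!$this->isPublicAction()) {
            $this->checkSession();
        }
    }

    function isPublicAction() {
        $controller = $this->params['controller'];
        return isset($this->publicActions[$controller])
            && in_array($this->params['action'], $this->publicActions[$controller]);
    }

    function checkSession() {
        if ($this->Session->check('Dealer')) {
            return;
        }
        // Record the session id the browser presented, whether this was one of
        // the periodic AJAX calls, the client address and the action. Entries
        // from one client whose sid changes across overlapping requests point
        // at session id regeneration (Security.level 'high'), not at login().
        $this->log(sprintf(
            'session lost: sid=%s ajax=%s ip=%s url=%s/%s',
            $this->Session->id(),
            $this->RequestHandler->isAjax() ? 'yes' : 'no',
            env('REMOTE_ADDR'),
            $this->params['controller'],
            $this->params['action']
        ), LOG_DEBUG);

        if ($this->RequestHandler->isAjax()) {
            // A background poll should not follow a redirect to the login
            // form; answer 403 so the client can reload instead.
            header('HTTP/1.1 403 Forbidden');
            $this->_stop();
        }
        $this->redirect('/dealers/login');
    }
}
```

Watching debug.log while clicking through the app during a poll cycle shows whether the bounced requests carry a different sid from the one that logged in, which separates the concurrency case from a genuine logout.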
