Monday, November 3, 2008

Re: Before filter, the session falls

Ok, maybe this is the problem. I experienced sessions falling when
using live search or when opening blank pages. Now I changed the
configuration in core php as in the article suggested by monmonja.
Very good and clear article. Now I try and then I'll tell you.

Thank you.

On 3 Nov, 15:07, monmonja <almondmend...@gmail.com> wrote:
> You could probably look at this http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/
>
> On Nov 3, 7:44 pm, "martin.westin...@gmail.com" <martin.westin...@gmail.com> wrote:
> > There have been scattered reports from people experiencing
> > unpredictable loss of sessions.
> > I have noticed this myself at times.
>
> > What I understood about it was that the problem stems from the level
> > of security set in Cake's config. When it is set "too high" you can
> > accidentally be caught "hacking your own app" so to speak. The phrase
> > "too high" is definitely poorly chosen and should not be taken to mean
> > that most of us should lower our default security settings.
>
> > An example of what can happen: You have a page doing periodical ajax
> > calls. You click a link during the time Cake is processing one of
> > these ajax calls. Your request will be "parallel" with the ajax call
> > and therefore caught in the security check. Or at least something
> > roughly like this. I have not had a detailed look inside Cake's
> > security and session classes.
>
> > I have also noticed this happening when uploading files and doing 2-3
> > redirects after each other. Those are unfortunately hard to reproduce
> > at will.
>
> > /Martin
>
> > On Nov 3, 10:08 am, mcphisto <mcphisto1...@gmail.com> wrote:
>
> > > Well,
> > > I've a big big problem with two applications of mine. I use an
> > > authentication method made with before filter.
> > > The problem is that, after a login it works correctly. Then, without a
> > > reason, the application seems to lose the session and brings me back
> > > to the login form. For this reason, I really can't understand what
> > > happens and when. Is there a way to produce a log for the application?
> > > Or otherwise, how can I understand what happens?  That's the code in
> > > app_controller.php:
>
> > > function checkSession()
> > >     {
> > >         // If the session info hasn't been set...
> > >         if (!$this->Session->check('Dealer'))
> > >         {
> > >             // Force the user to login
> > >             $this->redirect('/dealers/login');
> > >             exit();
> > >         }
> > >     }
>
> > > And this in dealer_controller.php
>
> > > function login()
> > >     {
> > >         //Don't show the error message if no data has been submitted.
> > >         $this->set('error', false);
>
> > >         // If a user has submitted form data:
> > >         if (!empty($this->data))
> > >         {
> > >             // First, let's see if there are any users in the database
> > >             // with the username supplied by the user using the form:
>
> > >             $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);
>
> > >             // At this point, $someone is full of user data, or it's empty.
> > >             // Let's compare the form-submitted password with the one in
> > >             // the database.
>
> > >             if(!empty($someone['Dealer']['username']) &&
> > >                 $someone['Dealer']['password'] == $this->data['Dealer']['password'])
> > >             {
> > >                 // Note: hopefully your password in the DB is hashed,
> > >                 // so your comparison might look more like:
> > >                 // md5($this->data['User']['password']) == ...
>
> > >                 // This means they were the same. We can now build some basic
> > >                 // session information to remember this user as 'logged-in'.
>
> > >                 $this->Session->write('Dealer', $someone['Dealer']);
>
> > >                 // Now that we have them stored in a session, forward them on
> > >                 // to a landing page for the application.
>
> > >                 $this->redirect('/customers/index_search');
> > >             }
> > >             // Else, they supplied incorrect data:
> > >             else
> > >             {
> > >                 // Remember the $error var in the view? Let's set that to true:
> > >                 $this->set('error', true);
> > >             }
> > >         }
> > >     }
>
> > >     function logout()
> > >     {
> > >         // Redirect users to this action if they click on a Logout button.
> > >         // All we need to do here is trash the session information:
>
> > >         $this->Session->delete('Dealer');
>
> > >         // And we should probably forward them somewhere, too...
>
> > >         $this->redirect('/dealers/login');
> > >     }
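
The parallel-request scenario Martin describes, as an added toy model (not code from the thread or from CakePHP). It assumes a server that replaces the session ID on every request and forgets the old one, which the thread does not confirm is what Cake does; the class `RotatingSessionStore`, the user `dealer1` and the `sid-N` identifiers are constructed for illustration.

```php
<?php
// Added illustration, not CakePHP code. Toy model (assumption): the server
// issues a new session ID on every request and forgets the old one.
class RotatingSessionStore
{
    private $sessions = array();   // session id => session data
    private $counter = 0;

    // Create a session after a successful login and return its ID.
    public function login($user)
    {
        $id = $this->newId();
        $this->sessions[$id] = array('Dealer' => $user);
        return $id;
    }

    // Handle one request. Returns the replacement ID the client must send
    // next, or null when the presented ID is unknown (back to the login form).
    public function handle($presentedId)
    {
        if (!isset($this->sessions[$presentedId])) {
            return null;
        }
        $data = $this->sessions[$presentedId];
        unset($this->sessions[$presentedId]);   // old ID is invalid from now on
        $id = $this->newId();
        $this->sessions[$id] = $data;
        return $id;
    }

    private function newId()
    {
        return 'sid-' . (++$this->counter);     // constructed, not random
    }
}

// Sequential requests: each one presents the ID issued by the previous one.
$store = new RotatingSessionStore();
$cookie = $store->login('dealer1');
$cookie = $store->handle($cookie);
$sequentialOk = ($store->handle($cookie) !== null);

// Parallel requests: the periodic ajax call and the link click both leave the
// browser with the same cookie value; the server handles the ajax call first.
$store = new RotatingSessionStore();
$cookie = $store->login('dealer1');
$ajaxOk  = ($store->handle($cookie) !== null);
$clickOk = ($store->handle($cookie) !== null);  // presents the stale ID

var_dump($sequentialOk, $ajaxOk, $clickOk);
```

In this model the sequential flow and the ajax call succeed while the click is rejected, which matches the symptom of landing back on the login form. A store that keeps the previous ID valid for a short grace period, or rotates only at login, accepts both parallel requests.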
