Monday, February 22, 2010

Question about session cookies

I'm seeing some strange behavior with CakePHP, and I was hoping someone here
might be able to shed some light on it.

I have a production application that I've recently started managing. As
part of this process, I've created a staging host on an Amazon EC2 server.
I've done a production deployment on this staging server, and almost all of
the functionality works as expected. Pages display properly, etc.

However there's one thing that doesn't work - authentication. Or rather, it
doesn't work completely.

The login process is implemented using AJAX, through a Dojo front end. The
authentication request and response are JSON. The JSON is served up by a
JSON view built off my Cake users controller.

I am able to log in successfully on any given page, and the JSON response
(and server side logging) shows that authentication is processed
successfully. But when navigating to another page the authentication
information is lost and I'm logged out. This problem doesn't occur on the
production system.

Digging a little deeper with curl, it appears that the difference is that on
the production system an updated session cookie is set on the response to
the Authentication JSON request. When I look at the staging environment,
this set cookie header doesn't appear in the response.

Note that the session cookie is served up on the initial request, so it's
not some sort of global inability to write session cookies. Instead, the
problem seems to occur only on updates.

I've been debugging this issue for a few days now, and I can't quite figure
it out. Everything looks ok - it's not a file permission issue with the tmp
directory, the authentication calls are not failing, and the session update
appears to be happening in memory (I've added debugging to session.php).

Any thoughts? Any help would be appreciated.

Thanks.

Regards,

Peter

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)