Thursday, September 30, 2010

Re: Facebook & Session Component

The solution: security level set to low. But I don't really understand what is happening down there :p.

2010/9/30 Hugo M <ham1988@gmail.com>
Basically, I'm losing my CakePHP session after using Facebook's multi-friend selector... any ideas? :S Is this something related to Cake security??

2010/9/30 Hugo M <ham1988@gmail.com>

Hi! I'm making a FB Connect site. I have a multi-friend selector. When I send invitations, the user is sent to root. Root is albums/index (because there are picture card albums). Because the application could have only one album, when I just have one album I send the user straight to that album.

So I have:


    function index() {
        $albums = $this->Album->find('all');

        // If there's only 1 album, we go straight to the album!
        if (count($albums) == 1) {
            $this->choose($albums[0]['Album']['id']);
        }
    }

    function choose($aid) {
        $album = $this->Album->findByIdAndApplicationId($aid, Configure::read('Application.id'));

        if (empty($album)) {
            throw new Exception("Invalid album id");
            //$this->getBack("Invalid album");
        }

        $this->Session->write('Auth.User.album_id', $aid);
        $this->Session->write('Auth.User.album_name', $album['Album']['name']);
        $this->redirect('/albums/view');
    }

    function view($page = 1) {
        $uid = $this->Auth->user('user_id');
        $this->loadModel('User');
        $user = $this->User->find('first', array(
            'contain' => array(
                'Card'
            ),
            'conditions' => array('User.id' => $uid)
        ));
        $cardsPerPage = Configure::read('Album.CardsPerPage');
        $offset = ($page - 1) * $cardsPerPage;
        if (!$this->Session->check('Auth.User.album_id')) {
            // HERE IS THE PROBLEM
            $this->Session->setFlash("Choose an album");
            $this->redirect('/albums/');
        }
        // ... (rest of the action was not included in the post)
    }

The problem is that for some reason, this

    $this->Session->write('Auth.User.album_id', $aid);
    $this->Session->write('Auth.User.album_name', $album['Album']['name']);

is lost when I redirect to albums/view, then this code is executed:

    $this->Session->setFlash("Choose an album");
    $this->redirect('/albums/');

And I have an infinite loop.

Why could this happen? All other Session variables are ok when I do a debug. Only those variables are lost.

This problem appears ONLY when I come from a Facebook callback (like after sending invitations, or clicking on a Facebook link). When I go to /albums/index by myself I am correctly redirected to albums/view with the only album selected.

I think it may have to do with the fact I'm using the Auth.User session space to store other fields.... but it's strange it only happens with Facebook.
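
Added example, not part of the original thread and not CakePHP's own code: a small PHP model of the referer check that CakePHP 1.x enables through PHP's `session.referer_check` at `Security.level` `medium` and `high` but not at `low`, which is consistent with the fix reported at the top of the thread. The host name, the Referer values and both function names are constructed for illustration.

```php
<?php
// Added illustration (hypothetical helper names, constructed sample data).
// Models only the referer check; Security.level also changes the session
// timeout and cookie lifetime, which this sketch leaves out.

// Value CakePHP 1.x assigns to session.referer_check for each level:
// the application's host for 'medium' and 'high', nothing for 'low'.
function refererCheckFor($securityLevel, $host) {
    return in_array($securityLevel, array('medium', 'high'), true) ? $host : '';
}

// PHP's rule for session.referer_check: if the client sent a Referer and it
// does not contain the configured substring, the incoming session id is
// marked invalid and the request continues with a fresh, empty session.
function sessionIdAccepted($refererCheck, $referer) {
    if ($refererCheck === '' || $referer === null || $referer === '') {
        return true; // check disabled, or no Referer header to compare
    }
    return strpos($referer, $refererCheck) !== false;
}

$host = 'app.example.com'; // assumed application host

// Constructed requests: label => Referer header sent by the browser.
$requests = array(
    'typed URL, no Referer'    => null,
    'link inside the app'      => 'http://app.example.com/albums/',
    'Facebook invite callback' => 'http://www.facebook.com/',
);

foreach (array('high', 'medium', 'low') as $level) {
    $check = refererCheckFor($level, $host);
    foreach ($requests as $label => $referer) {
        $kept = sessionIdAccepted($check, $referer);
        printf("%-6s  %-25s  %s\n", $level, $label,
            $kept ? 'session kept' : 'session id rejected, new empty session');
    }
}
```

A browser keeps sending the original Referer while it follows a chain of redirects, so every hop after a Facebook callback fails the check and starts from an empty session, which matches the redirect loop described in the post. The Referer header is supplied by the client, and `low` also lengthens the session timeout and cookie lifetime, so the global level trades more than this one check.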

