CakePHP - Login collision - cakephp

I'm working on some projects (all in CakePHP) and I found an issue. The problem is that when I'm logged in to one system and I try to log into another one with the SAME USERNAME, it logs me in to the second one and logs me out of the first one. The problem only appears when I try it with the same user name. I have different Security.salt and Security.cipherSeed variables.
Can anyone help me? Thank you very much.

Are you using the same Session Name in all your apps?
Edit:
What about the cookie name? Maybe you are using the same name and the same domain, thus every time you log in you rewrite the cookie. I would change the name of the cookie in every app.
Edit your core.php:
Configure::write('Session.cookie', 'app1'); // 'app2', 'app3', etc.

You can set the session path for each project in AppController or UsersController:
function beforeFilter() {
    $this->Session->path = '/projectname/';
}
So each time the session path will be different for each project and will not conflict in the login process.
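An added illustration (Python, not CakePHP code and not from either answer above) of why the two fixes suggested above work: a toy browser cookie jar keyed by (domain, path, name) and a toy server-side session store, run through the shared-name, distinct-name and distinct-path configurations. It assumes 'CAKEPHP' as the default Session.cookie name, and the optional shared-store case assumes both apps read one session directory, as PHP's default session handler does.

```python
# Toy model of the session-cookie collision between two apps on one host.
# Session ids, user names and the host name are constructed for the example.
# A shared store stands in for two apps using the same PHP session directory.

class CookieJar:
    """Browser-side jar: a later Set-Cookie with the same key replaces the earlier one."""
    def __init__(self):
        self.cookies = {}

    def set(self, domain, path, name, value):
        self.cookies[(domain, path, name)] = value

    def cookies_for(self, domain, request_path):
        # The browser sends every cookie whose path is a prefix of the request path.
        return {name: val for (d, p, name), val in self.cookies.items()
                if d == domain and request_path.startswith(p)}

class App:
    """One CakePHP-style app: its Session.cookie name, cookie path and session store."""
    def __init__(self, name, cookie_name, path, store):
        self.name, self.cookie_name, self.path, self.store = name, cookie_name, path, store

    def login(self, jar, user, domain="example.test"):
        sid = f"{self.name}-sid-{user}"                 # constructed session id
        self.store[sid] = {"Auth.User": user}           # server-side session data
        jar.set(domain, self.path, self.cookie_name, sid)

    def current_user(self, jar, domain="example.test"):
        sid = jar.cookies_for(domain, self.path).get(self.cookie_name)
        sess = self.store.get(sid)
        return sess["Auth.User"] if sess else None

def simulate(cookie_names, paths, shared_store=False):
    """Log alice into app1, then bob into app2; report who each app now sees."""
    store1 = {}
    store2 = store1 if shared_store else {}
    jar = CookieJar()
    app1 = App("app1", cookie_names[0], paths[0], store1)
    app2 = App("app2", cookie_names[1], paths[1], store2)
    app1.login(jar, "alice")
    app2.login(jar, "bob")
    return app1.current_user(jar), app2.current_user(jar)

if __name__ == "__main__":
    print(simulate(("CAKEPHP", "CAKEPHP"), ("/", "/")))            # (None, 'bob'): app1 logged out
    print(simulate(("CAKEPHP", "CAKEPHP"), ("/", "/"), True))      # ('bob', 'bob'): session leaks across apps
    print(simulate(("app1", "app2"), ("/", "/")))                  # ('alice', 'bob'): distinct cookie names
    print(simulate(("CAKEPHP", "CAKEPHP"), ("/app1/", "/app2/")))  # ('alice', 'bob'): distinct cookie paths
```

The second case is the more serious one: with one session directory and one cookie name, app1 reads app2's session data, so a login to one app is honoured by the other.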

Related

issue in CakePHP authentication

I am using two CakePHP frameworks. The problem is that when I log in to the 1st one, without logging in I can log in to the 2nd one by using the same session.
How do I resolve this issue? I am using CakePHP 2.x.
From what you are saying I understood that you have two applications running on the same server (the default realm for the Auth plugin). And what is happening is that once you log in to one application, the other lets you access the protected locations without the need to log in (I've faced this).
IF this is your issue, you can either change the prefixes of the applications in the configuration file app/Config/core.php.
It is one line like this:
<?php [...]
$prefix = 'myapp_';
Change the prefix to another name.
OR
Configure the realm key in the AuthComponent configuration to a value other than 'servername', which is the default.
For this one check the docs and search for 'realm'.

Azure B2C Issues and Questions

I've been working with the Azure B2C for a couple of days now and have a few issues and questions:
The URL that it creates to redirect for login is formed incorrectly. It contains a question mark twice: after the URL, and again after the profile name. This causes a 404 Not Found error every time you log in, log out, etc. For example, the URL it tries to redirect to for login looks like this: https://login.microsoftonline.com/samlmanbc.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_firstdemoprofile?client_id=08fcblahblah. You'll notice a second question mark after the profile name, and that's what breaks it.
If I fix that and try to log in, it doesn't recognize the username/password of my account that's a global admin. It DOES recognize the username/password of a new user I created locally in the directory.
In the OnRedirectToIdentityProvider method, when the request type is authentication, the AuthenticationResponseChallenge is null, which makes this call fail:
OpenIdConnectConfiguration config = await mgr.GetConfigurationByPolicyAsync(CancellationToken.None, notification.OwinContext.Authentication.AuthenticationResponseChallenge.Properties.Dictionary[Startup.PolicyKey]);
I worked around this by using the static string SignInPolicyId for the second parameter. That works fine when an account already exists, but if it doesn't then Azure fails at login and says an account doesn't exist for the user. So what is the right value to use there, and/or how does one initialize it so it isn't null?
The type of a claim that was added to a profile is preceded with "extension_"; is that always going to be true or just for now? For example, I added a property called "favoriteTeam", but the claim type for it is "extension_favoriteTeam".
When you use Facebook as an identity provider, is there any way to pass along the Facebook access token claim (http://www.facebook.com/claims/AccessToken)? This was useful when using ACS with Facebook because your app can then use that token to make additional calls to Facebook to get data from it.
In relation to issue 1: I updated my reference Microsoft.IdentityModel.Protocol.Extensions to v1.0.2.206221351 and it started working. I made some updates to other references before this, so if the first one doesn't work, try updating more assemblies from NuGet.
This is as expected. A page that signs in "local account" users will not sign in your work or school account (in this case, the global admin user).
Always going to be true. We will be cleaning up the Admin UX to make this more clear.
This is on our roadmap. No ETA as yet.

Cakephp and opauth login problems

Currently I'm trying to implement the Opauth plugin for CakePHP found here, using the Facebook strategy at present. I've followed the instructions; however, when I attempt to log in using my Facebook account I am redirected to the login page. What I have noticed is that the authentication is occurring and is successful using $this->Auth->login($user), where $user is an array of the user's stored information, but on redirection the login function of my UsersController is called and I'm returned to the login page. Any ideas? Thanks in advance!
So I figured it out. Turns out it's a config setting; I noticed it while staring at his commit comments on GitHub. In the config of the plugin the default option for the callback transport was changed from session (losing the session was my issue) to post. The change can be seen here. After making that change to the config everything worked.

Cannot be authenticated on two separated CakePHP applications on same server

I have two different CakePHP based applications on the same server. They are placed in separate directories, and each of them uses its own database. Also, they both have implemented authentication. So (in my opinion) they are fully independent.
The problem I have is that I cannot be logged in at the same time in both applications (in the same browser).
Can you help me with what I'm doing wrong in this case, and how I can be authenticated in both of them at the same time?
Try changing the Session.save variable in app/config/core.php. The default is 'php', so change it to 'cake'. This will make CakePHP store the session variables in the app/tmp/sessions directory. Remember to give write permissions to this folder. Also make sure that both apps have different Security.salt keys in the same config file.

Cakephp After redirecting session is not working in Live server

I am using CakePHP 2.0. In my Users controller I am setting a SESSION in the login action using
$this->Session->write('Users',$value);
Once the session is set it will redirect to the next action, named home. In the login action it's working; I logged and checked the value, but after the redirect I read the session value by using the following in the home action
$this->log($this->Session->read('Users'));
and nothing is displayed. But it's working fine on the local server.
Please check the following things on your server.
Check your php.ini file to see whether session is enabled or not.
Whether session.cookie.domain is set to your server or not.
Check whether your PHP files have any blank lines after ?>; if so, please remove them.
And then try.
What I understood is:
You are writing the session value into a log file. The value will not display on the screen; instead you can find this value in the app/tmp/logs/error.log file.
This link will help you understand the concept.
To display the session value use pr($this->Session->read('Users'));
Kindly ask if it does not work for you.
Use the CakePHP DebugKit to check the session values. By using this you'll be able to monitor many things like:
Request History.
Session.
Sql Log.
Timer.
Log (Which you are using in your question).
Variable set to your view.
https://github.com/cakephp/debug_kit/ Different versions of DebugKit are available for different versions of Cake.