How to disable or change CakePHP standard Authentication autologout? - cakephp

I have some problems with CakePHP 1.3 standard Authentication. It seems that users or admin users get logged out too easily... especially on some browsers. In IE7-9 it sometimes only takes changing the window or tab in the browser to be logged out. This is annoying.
I have found that many users have these kinds of problems, but I'm unable to find good resources or examples of how to specifically adjust the automatic log out. I found out that some Security.level settings etc. might affect these, but the tips are not very precise...
In user authentication, I would like to disable automatic log out or at least set a long timeout for an active logged-in user. Any advice or how-to guides on how to change the auto log out behaviour without changing the Cake core (not intended anyway)...?

Use this code; perhaps it will solve your problem:
<?php echo $this->Html->link('Enter', '/pages/home', array('class' => 'button', 'target' => '_blank')); ?>

I always had trouble with it, too. Just recently I started to use Miles' AutoLogin component which at least "cloaks" the problem:
http://www.dereuromark.de/2012/02/02/more-persistent-sessions-in-cake2-x/
Not ideal, but it works.

I've noticed that if Security level is set to high in core.php, as in Configure::write('Security.level', 'high'); my users get logged out very quickly if their Session times out without the timeframe set by the Security.level.
When I changed that to medium the problem went away.

Related

Cannot log in to Drupal site

I have a VM that I set up to do development on two sites hosted on Acquia with the same codebase. I'm using version Drupal 7.26. I have it where I can access both sites from the host computer, but when I try to log in using /user/login on either site, I get nothing. The POST returns a 404 containing the log in page again.
I've tried setting $cookie_domain = '.my-site.dev' as well as $cookie = 'www.mysite.dev'. Neither has any effect. I also tried adding a bunch of random characters to the file to make sure I was editing the correct file; with the random characters, pages didn't load at all. (See https://www.drupal.org/node/611920#comment-3110010.)
I also tried doing repair table sessions. I forgot which site I saw that recommendation from. I also tried delete from sessions just for kicks. Neither worked.
Any ideas? Thanks!
edit: Per https://www.drupal.org/node/261411#comment-3182566, I tried to go to www.mysite.dev/?q=user/login. This did not give me a 404, but I had tried (unsuccessfully, it seems) to reset my password through the database. I'm at least getting an error about a bad username/password combination rather than nothing at all. Still, I would think /user/login should have worked, too.
edit 2: The production site uses CAS, but logging in through /user/login still works.

Cake session getting lost on return from payment gateway

In my app, I have a session which persists when the user moves from page to page. However, the app uses a payment gateway and if the user goes to the payment gateway and then presses back to try to return to my app Cake is dropping the old session (and all the data it contained) and making a new one.
I found this question which is kinda the same issue, except it's happening when the user presses "back" from the payment gateway which I didn't really think would be classed as being referred.
Anyway, the advice in that question is to change Configure::write('Security.level') to low but I'm using CakePHP 2.3 and I notice from the changelog that one of the things that has been done is "Removed Security.level from core.php" -- and this seems to be because this particular setting is no longer used for anything.
So, my question is how do I disable whatever it is that is causing Cake to drop and regenerate the session when a user is either referred (or simply presses back) from a payment gateway?
I would suggest changing the following core.php settings:
Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => '30',
    'autoRegenerate' => false
));
I had a similar issue and that solved it for me.
Thanks,
IE with chromeframe has a habit of sending the first request to a "different" site with a plain IE user-agent header, whereas subsequent ones contain "chromeframe" in it. On a non-Cake site I had the same issue with sessions when checking the user agent.

Datastore Admin Redirect loops

I can't access the Datastore Admin tab due to a "This webpage has a redirect loop" error and I can't figure out what I'm doing wrong or have set up wrong.
I have Datastore Admin Enabled in my web console.
I've added (although I don't know if this is even necessary):
builtins:
- datastore_admin: on
I've cleared cookies, etc.
Authentication Options is set to Google Accounts API
Has anyone else seen this or know how to fix it?
The issue is being discussed here and I am going to answer it.
http://code.google.com/p/googleappengine/issues/detail?id=4233
First a question. Which browser is this on?
I've had this problem on Chrome and it's related to Chrome blocking third-party cookies, overall a nice thing for it to do. You can add an exception to your third-party cookie settings to fix the problem.
You need to go to the Chrome settings page. You may need to expand an option called Show advanced settings...
Then look for:
Privacy / Content settings...
Cookies / Manage exceptions...
Then add an exception at the bottom of this list. The exception should look like this:
https://ah-builtin-python-bundle-dot-latest-dot-[YOUR_APP_ID].appspot.com/_ah/datastore_admin/*

CakePHP Auth Session variable completely missing in Chrome (on some machines)

I can go to my site, look in DebugKit > Session, and see the "Auth" variable - works fine, and everything is great.
BUT - on two machines (out of 5-7 tested), and only in Chrome, the Auth variable is completely missing. This keeps the user from logging in, screws up redirects...etc etc.
We've tried uninstalling and re-installing Chrome - we made sure security settings and session/cookie settings in Chrome were the same as all the other computers that work...etc etc. (Maybe we missed one?, but - fresh install, so...). And we made sure we're all in the same version of Chrome.
At first I thought it might be an issue with my code (and it still could be), but then we tried logging into another Cake site on one of the "stupid" computers, and it did the same thing - can't log-in.
I just managed to resolve exactly this issue on my machine.
It seems that somehow my Chrome managed to get two cookies with the same name for the same domain - CAKEPHP.
In order to make sure that all cookies are reset for all browsers I have updated my session configuration in /app/Config/core.php:
Configure::write('Session', array(
    'defaults' => 'php',
    'cookieTimeout' => 0,
    'cookie' => 'newNameSESSION',
));
Note the key 'cookie' explicitly setting a new cookie name for the identification of the session. After this change I was able to log on to my application from all browsers from which I was unable to log in before.
It must have had something to do w/ the Security Component. When I turned that off, they could log-in fine.
Still not sure exactly what the issue is, but upgraded my site to CakePHP 2.2 beta, and it's not an issue now.
The release notes are here.
Here are some of the release notes from the 2.1.2 stable release (I was on 2.1) - these are the ones that relate to Sessions/Auth...etc that COULD have had something to do with the problem:
AuthComponent now uses loginRedirect as the default redirect location, should the session be empty.
A change to CakeSession was reverted to help solve issues with IE8 and sessions being lost.
SessionComponent::id() always returns the sessionid. It will auto-start the session if necessary.

Problem in maintaining session between two different domains on a website done in CakePHP

Well, as I have posted earlier too... I have created a site in two languages: one with the URL www.mainDomain.com (English) and the other with www.fr.subDomain.com (French).
Both are done in CakePHP; in the French one I have just changed the views to French. But the problem is, when anybody logs in to the English version and then switches to the French version, the session doesn't recognize it and asks for login again. It has become the biggest bug in the web application I have done so far.
For that, Swanny told me to go through a link, and I did it in my application as the link said. Apparently, it worked for login, which shared the session between the two domains (the main domain and its subdomain). But when I checked it thoroughly, I recognized that both sites are throwing the latest NEWS from the database, and both data are different. Just to check if I was wrong I changed some save variable to database in the session array. But now it refused to remember anything (session). Could anyone suggest what the problem could be and how I can resolve it...???
Thanks in advance
I'm not sure I completely understand, but I'm gonna try. I think this is about a PHP setting called session.cookie_domain.
Assuming your websites have the following URLs:
http://www.example.org/
http://fr.example.org/
http://de.example.org/
The setting you want is: .example.org.
You can adjust this in php.ini, a .htaccess file or even in PHP itself:
<?php ini_set('session.cookie_domain', '.example.org'); ?>
If your websites run on two completely different domains, e.g.:
http://example1.org/
http://example2.org/
... then there is no way to share the cookie between these two different domains.
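An added example, not part of the original answer: the cookie domain-matching rule from RFC 6265, applied to the answer's example hosts to show which ones receive the session cookie for a given session.cookie_domain value. The function name and the extra host names (billing.example.org, badexample.org) are constructed for illustration.

```php
<?php
// Added example: RFC 6265 domain matching for a cookie's Domain attribute.
// cookieDomainMatches() is a hypothetical helper, not a PHP or CakePHP function.

function cookieDomainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower(rtrim($host, '.'));
    $domain = strtolower(ltrim($cookieDomain, '.')); // a leading dot is ignored
    if ($domain === '') {
        return false;
    }
    if ($host === $domain) {
        return true;
    }
    // IP addresses only ever match exactly, never by suffix.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    // Otherwise the host must end in "." + domain (a label boundary).
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

// Constructed host list; billing.example.org stands for any other app on the domain.
$hosts = array('www.example.org', 'fr.example.org', 'billing.example.org',
               'example.org', 'badexample.org', 'example1.org');

foreach (array('.example.org', 'www.example.org') as $cookieDomain) {
    echo "session.cookie_domain = {$cookieDomain}\n";
    foreach ($hosts as $host) {
        printf("  %-20s %s\n", $host,
            cookieDomainMatches($host, $cookieDomain) ? 'receives cookie' : 'no cookie');
    }
}
```

With .example.org the session cookie is sent to every host under example.org, not only the two language sites, so every application on that domain can read the session ID.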
#dooltaz That is a great solution. The issue is that Cake seems to be setting the cookie after me. What I did instead is send the user to a redirect method and then move the cookie setting to the afterFilter:
function afterFilter() {
    if (!empty($this->params['url']['session_key'])) {
        // Setup variables here...
        setcookie(Configure::read('Session.cookie'), $this->params['url']['session_key'], time()+360000, '/');
        // Cakes cookie method will put your cookie name in [] so it does not work.
    }
}
(Also fixed typo in your code..)
If you have two different domains, I would suggest the following:
On "www.mainDomain.com", put a link to the "www.fr.subDomain.com" site and pass the cookie in your view file:
$session_cookie = $_COOKIE[Configure::read('Session.cookie')];
echo $html->link('See French Site', 'http://www.fr.subDomain.com/?session_key='.$session_cookie);
Then on the French site add a bit of code to mimic the cookies in the app_controller.php > beforeFilter().
function beforeFilter() {
    if (!empty($this->params['url']['session_key'])) {
        // Setup variables here ($domain is the cookie domain for this site)...
        $session_cookie = $this->params['url']['session_key'];
        setcookie(Configure::read('Session.cookie'), $session_cookie, time()+360000, '/', $domain);
        // You could use CAKE's setcookie command here.
    }
}
Now that the cookies match up, you will have to either use database sessions or the cake file based sessions. Read the instructions in core.php to set those up.
This should allow you to basically share the same session over various sites. I'm actually in the middle of implementing ACL over multiple sites with a single login. It can get to be a bit tricky, but just do it step by step, you'll do fine. Also don't be afraid to jump into the Cake core code to see how it works.
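An added example, not part of the original answer: a variant of the cross-domain handoff above that puts a short-lived, single-use, HMAC-signed token in the link instead of the raw session cookie value, since anything in a query string ends up in server logs, browser history and Referer headers. HANDOFF_KEY, HANDOFF_TTL and the function names are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not from the original answer. HANDOFF_KEY, HANDOFF_TTL and
// both function names are hypothetical; the key is a placeholder.
const HANDOFF_KEY = 'placeholder-random-secret-known-to-both-sites';
const HANDOFF_TTL = 30; // seconds a handoff link stays valid

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Sending site: sign user id, expiry and a random nonce. No session ID is included.
function issueHandoffToken(int $userId, int $now): string
{
    $payload = b64url(json_encode(array(
        'uid' => $userId,
        'exp' => $now + HANDOFF_TTL,
        'nonce' => bin2hex(random_bytes(16)),
    )));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Receiving site: returns the user id, or null if forged, expired or replayed.
function redeemHandoffToken(string $token, int $now, array &$usedNonces): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    $expected = b64url(hash_hmac('sha256', $parts[0], HANDOFF_KEY, true));
    if (!hash_equals($expected, $parts[1])) {
        return null; // signature mismatch: forged or altered token
    }
    $data = json_decode(base64_decode(strtr($parts[0], '-_', '+/')), true);
    if (!is_array($data) || $data['exp'] < $now || isset($usedNonces[$data['nonce']])) {
        return null; // expired, or this nonce was already redeemed
    }
    $usedNonces[$data['nonce']] = $data['exp']; // a real site would use a shared table
    return (int) $data['uid'];
}

$used = array(); // constructed stand-in for the table of redeemed nonces
$now = time();
$token = issueHandoffToken(42, $now); // 42 is a constructed user id
var_dump(redeemHandoffToken($token, $now, $used));       // valid, first use
var_dump(redeemHandoffToken($token, $now, $used));       // same token again
var_dump(redeemHandoffToken($token . 'x', $now, $used)); // altered signature
var_dump(redeemHandoffToken(issueHandoffToken(42, $now - 60), $now, $used)); // issued 60 s ago
```

After a successful redeem the receiving site starts its own session with a freshly generated session ID; the token only proves that the other site authenticated the user.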
