I have used CakePHP in my application, but it has a weird problem. Sometimes a user is
automatically logged out within a few seconds. How can I stop this automatic logout?
I have set the code below in my app/config/core.php:
Configure::write('Session.timeout', '120');
Configure::write('Security.level', 'low');
The best way is to set the session timeout in app/Config/core.php.
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 20,//20minutes
'autoRegenerate' => true,//resets session on activity
'cookieTimeout' => 1440
));
I had a similar problem once. At that time the random logging out stopped after I fixed a 404 request on one of the images called by a .css file. At that time I was running CakePHP 1.3, though, and I have never had a similar issue on CakePHP 2.0.
It's commented in the answers to the question "CakePHP session/auth logging out intermittently" that:
The 404 request apparently can reset the Cake Auth/Session, not a generic PHP issue
My situation is the following. I have a CakePHP project and a separate plain PHP script running on the same server.
When I use my client browser to connect to the cakephp project, it builds up a session as it should.
Now I want to continue the session data with my plain php script. Again I use the same client browser to access the plain php script (so the request meta data should be the same and the session should be recognized) and I set cakephp session option to PHP.
'Session' => [
'defaults' => 'php',
],
However, I can't find out how to continue the session in the plain PHP script.
I would have assumed the following two lines of my plain php script would do the magic:
session_start();
echo json_encode($_SESSION);
Kind regards,
Marius
CakePHP's PHP session defaults (like all built-in defaults) change the name of the cookie / the name of the session (the session.name INI setting) to CAKEPHP:
https://github.com/cakephp/cakephp/blob/3.5.3/src/Network/Session.php#L133-L138
So you either have to change that to match the defaults used by your vanilla PHP app (which is most probably PHPSESSID, i.e. the PHP default):
'Session' => [
'defaults' => 'php',
'cookie' => session_name(), // would use the PHP default
],
// ...
or change the latter app to use the name configured for your CakePHP application:
session_name('CAKEPHP');
session_start();
// ...
Also make sure that the session.cookie_path and session.cookie_domain configuration covers both of your applications' locations.
See also
Cookbook > Sessions > Session Configuration
Cookbook > Sessions > Setting ini directives
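The second option from the answer above, written out as a full plain PHP script (an added example, not code from the original answer or from CakePHP). It assumes PHP 7+, that both apps use the same session save path, that the CakePHP app sets its cookie on path `/`, and that the login data sits under `$_SESSION['Auth']['User']`; the function name `resumeCakeSession` is hypothetical.

```php
<?php
// Added example: resume the session created by the CakePHP app from a plain
// PHP script. Assumed: cookie name CAKEPHP (the Cake default named above),
// shared session.save_path, auth data under $_SESSION['Auth']['User'].

const CAKE_SESSION_NAME = 'CAKEPHP';

function resumeCakeSession(): ?array
{
    // No cookie means the browser has no CakePHP session to continue.
    if (empty($_COOKIE[CAKE_SESSION_NAME])) {
        return null;
    }

    session_name(CAKE_SESSION_NAME);
    session_start([
        'use_strict_mode'  => 1,    // reject session ids the server did not issue
        'use_only_cookies' => 1,    // never accept the id from the URL
        'cookie_httponly'  => 1,
        'cookie_path'      => '/',  // assumed; must match the path the CakePHP app uses
        'read_and_close'   => true, // read-only access, releases the session lock at once
    ]);

    // Return only the fields this script needs rather than the whole session.
    $user = $_SESSION['Auth']['User'] ?? null;
    return is_array($user) ? ['id' => $user['id'] ?? null] : null;
}

$user = resumeCakeSession();
header('Content-Type: application/json');
if ($user === null) {
    http_response_code(401);
    echo json_encode(['error' => 'no active session']);
} else {
    echo json_encode(['user' => $user]);
}
```

If the cookie path or domain used here differs from what the CakePHP app sets, the browser can end up holding two cookies named CAKEPHP, so keep both in step.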
I am working on a legacy CakePHP 1.3 app and while I have years of experience with PHP, I am still finding my feet with CakePHP. I am following Chapter 4 'How to use the bakery' in Jamie Munro's Rapid Application Development with CakePHP, however the steps he suggests do not seem to go the way I'd expect them to.
I feel a good way of explaining this is going through the steps involved:
Following the book's 'Hello World' example outlined in earlier chapters, I have set up a basic CakePHP app at this location on my machine: /home/public_html/helloworld.local. I can see the 'Hello World' example in a web browser on my local machine when I access: http://helloworld.local/users/add
Chapter 4 suggests that I move to this directory: home/public_html/helloworld.local/cake/console
I then run: ./cake bake
I get prompted to enter the location of the app and I add:
/home/public_html/helloworld.local/app
I then proceed to select defaults for the next few selections and there are no problems until I run into the line:
Your database configuration was not found. Take a moment to create one.
I do not understand this since there is a database file configured in ~/public_html/helloworld.local/app/config/database.php, and when I access the helloworld app outlined earlier (available on my local machine at http://helloworld.local/users/add), there is a database connection successfully established and records can be inserted.
I have also tried re-entering my database details when offered the chance to by cake bake, but end up with the error after successfully adding the correct details:
Fatal error: Class 'DATABASE_CONFIG' not found in
/home/public_html/helloworld.local/cake/console/libs/tasks/db_config.php
on line 260
But either way, it should have found the existing database connection details, so not sure what is going on.
To use console commands like cake bake, you have to use your operating system's terminal (on Linux) or command prompt (on Windows). So you have to do the steps mentioned in steps 2 and 3 in your console. You can read the documentation here to learn how to use console commands.
Then, make sure that you have the file home/public_html/helloworld.local/app/config/database.php. I hope you removed .default from its name and renamed it to database.php. To link up your database with your CakePHP project you have to specify credentials in database.php.
class DATABASE_CONFIG {
    // Default connection; the bake console instantiates this class by name
    var $default = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'root',
        'password' => 'password',
        'database' => 'database_name',
        'prefix' => ''
    );
}
I don't have a running CakePHP 1.3 installation here at hand, but this is what is happening at that location:
// #link: https://github.com/cakephp/cakephp/blob/1.3/cake/console/libs/tasks/db_config.php#L260
config('database');
$db = new $this->databaseClassName; // i.o.w. $db = new DATABASE_CONFIG;
This line:
config('database');
Does nothing more than including the database.php configuration file, simplified to;
include_once(CONFIGS . $arg . '.php'); // i.o.w. include_once(CONFIGS . 'database.php');
(https://github.com/cakephp/cakephp/blob/1.3/cake/basics.php#L77)
So IMO two problems may cause your error;
app/config/database.php was not found
You can try to check if this outputs the right path:
die(CONFIGS . 'database.php');
There is an error in your app/config/database.php, causing the DATABASE_CONFIG class to be malformed and unable to be initialized
A word of notice
Apparently you're running 'bake' for everything, including setting up a new database configuration. This may overwrite your existing database configuration. It is possible to bake only parts of your application (e.g. bake controllers only or models).
The manual on baking in CakePHP 1.3 is located here:
http://book.cakephp.org/1.3/en/The-Manual/Core-Console-Applications/Code-Generation-with-Bake.html
And this
If this is your first CakePHP project, you should really consider the option to upgrade to CakePHP 2.x. CakePHP 1.3 is really outdated and, although it's still able to run fine, I wouldn't invest too much time in 1.3 as a lot of things have changed in CakePHP 2.x. It's probably better to start with CakePHP 2.x than to start with 1.3 and learn things that no longer work in CakePHP 2.
Copy your app/Config folder to app/Console, so the final path would be app/Console/Config. That worked for me.
In my app, I have a session which persists when the user moves from page to page. However, the app uses a payment gateway and if the user goes to the payment gateway and then presses back to try to return to my app Cake is dropping the old session (and all the data it contained) and making a new one.
I found this question which is kinda the same issue, except it's happening when the user presses "back" from the payment gateway which I didn't really think would be classed as being referred.
Anyway, the advice in that question is to change Configure::write('Security.level') to low but I'm using CakePHP 2.3 and I notice from the changelog that one of the things that has been done is "Removed Security.level from core.php" -- and this seems to be because this particular setting is no longer used for anything.
So, my question is how do I disable whatever it is that is causing Cake to drop and regenerate the session when a user is either referred (or simply presses back) from a payment gateway?
I would suggest changing the following core.php settings:
Configure::write('Session',
array(
'defaults' => 'php',
'timeout' => '30',
'autoRegenerate' => false
)
);
I had a similar issue and that solved it for me.
Thanks,
IE with chromeframe has a habit of sending the first request to a "different" site with a plain IE user-agent header, whereas subsequent requests contain "chromeframe " in it. On a non-Cake site I had the same issue with sessions when checking the user agent.
I can go to my site, look in DebugKit > Session, and see the "Auth" variable - works fine, and everything is great.
BUT - on two machines (out of 5-7 tested), and only in Chrome, the Auth variable is completely missing. This keeps the user from logging in, screws up redirects...etc etc.
We've tried uninstalling and re-installing Chrome - we made sure security settings and session/cookie settings in Chrome were the same as all the other computers that work...etc etc. (Maybe we missed one?, but - fresh install, so...). And we made sure we're all in the same version of Chrome.
At first I thought it might be an issue with my code (and it still could be), but then we tried logging into another Cake site on one of the "stupid" computers, and it did the same thing - can't log-in.
I just managed to resolve exactly this issue on my machine.
It seems that somehow my Chrome managed to get two cookies with the same name for the same domain - CAKEPHP.
In order to make sure that all cookies are reset for all browsers I have updated my session configuration in /app/Config/core.php:
Configure::write('Session', array(
'defaults' => 'php',
'cookieTimeout' => 0,
'cookie' => 'newNameSESSION',
));
Note the key 'cookie' explicitly setting a new cookie name for the identification of the session. After this change I was able to log on to my application from all browsers from which I was unable to log in before.
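A way to confirm the duplicate-cookie condition described in the answer above before renaming the session cookie (an added diagnostic, not part of the original answer). The function names are hypothetical and the sample header is constructed; `$_COOKIE` exposes only one value per name, so the check reads the raw Cookie header instead.

```php
<?php
// Added diagnostic: find cookie names the browser sent more than once in a
// single request, and expire the likely stale variants.

function duplicateCookieNames(string $cookieHeader): array
{
    $counts = [];
    foreach (explode(';', $cookieHeader) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        $name = trim(explode('=', $pair, 2)[0]);
        $counts[$name] = ($counts[$name] ?? 0) + 1;
    }
    // Keep only names that appear at least twice.
    return array_keys(array_filter($counts, function ($n) {
        return $n > 1;
    }));
}

function expireCookieVariants(string $name, string $host, string $requestPath): void
{
    // The request does not reveal which path/domain each copy was set with,
    // so expire the cookie on every path prefix and the common domain forms.
    $paths = ['/'];
    $prefix = '';
    foreach (array_filter(explode('/', $requestPath), 'strlen') as $segment) {
        $prefix .= '/' . $segment;
        $paths[] = $prefix;
        $paths[] = $prefix . '/';
    }
    foreach (['', $host, '.' . $host] as $domain) {
        foreach ($paths as $path) {
            setcookie($name, '', time() - 3600, $path, $domain);
        }
    }
}

// Constructed sample header used when no real request is available (CLI run).
$raw = $_SERVER['HTTP_COOKIE'] ?? 'CAKEPHP=aaa111; theme=dark; CAKEPHP=bbb222';
foreach (duplicateCookieNames($raw) as $name) {
    error_log("Duplicate cookie name in request: {$name}");
    if (PHP_SAPI !== 'cli') {
        $host = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];
        expireCookieVariants($name, $host, parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/');
    }
}
```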
It must have had something to do w/ the Security Component. When I turned that off, they could log-in fine.
Still not sure exactly what the issue is, but upgraded my site to CakePHP 2.2 beta, and it's not an issue now.
The release notes are here.
Here are some of the release notes from the 2.1.2 stable release (I was on 2.1) - these are the ones that relate to Sessions/Auth...etc that COULD have had something to do with the problem:
AuthComponent now uses loginRedirect as the default redirect location, should the session be empty.
A change to CakeSession was reverted to help solve issues with IE8 and sessions being lost.
SessionComponent::id() always returns the sessionid. It will auto-start the session if necessary.
I have some problems with CakePHP 1.3 standard Authentication. It seems that users or admin users get logged out too easily... especially on some browsers. In IE7-9 it sometimes needs only a change of window or tab in the browser to log out. This is annoying.
I have found that many users have these kind of problems but I'm unable to find good resources or examples how to specifically adjust automatic log out. I found out that some Security.level settings etc. might affect these, but tips are not very precise...
In user authentication, I would like to disable automatic log out or at least make a long timeout for an active logged-in user. Any advice or how-to guides on how to change the auto log out behaviour without changing the cake core (not intended anyway)...?
Use this code; perhaps it will solve your problem:
<?php echo $this->Html->link('Enter', '/pages/home', array('class' => 'button', 'target' => '_blank')); ?>
I always had trouble with it, too. Just recently I started to use Miles' AutoLogin component which at least "cloaks" the problem:
http://www.dereuromark.de/2012/02/02/more-persistent-sessions-in-cake2-x/
Not ideal, but it works.
I've noticed that if Security level is set to high in core.php, as in Configure::write('Security.level', 'high'); my users get logged out very quickly if their Session times out without the timeframe set by the Security.level.
When I changed that to medium the problem went away.