BTW, another problem of setting the cookie in 6 hours is that if the user
has a clock that is not synced (i.e. more than 6 hours ahead), the browser
will expire the session cookie and the user cannot stay logged in.

Best,
  Chris

On Tue, Sep 4, 2012 at 3:07 PM, Chris Cinelli <
chris.cine...@formativelearning.com> wrote:

> It looks like the code is in CakeSession.php
>
> I think I solved the cookie expiration problem with this in the core.php:
>     Configure::write('Session', array(
>         'defaults' => 'php',
>         'cookieTimeout' => 0,   //Lives until the browser is closed.
>         'checkAgent'  => false  //To fix a little the Chrome Frame problem
>     ));
>
> Pretty much all main websites manage the session expiration using a session
> cookie (that gets removed when the browser is closed). Exceptions are
> websites that keep you logged in like Facebook. They set the cookie
> expiration to a month after login (but the user actually has to check the
> box - "keep me logged in").
>
> I think though that setting by default the cookie expiration to 6h (I
> think it is the PHP session default) and NEVER updating it is a *BUG*. If
> the user is on the website for 6h, he should not be forced to log in
> again. This is a major problem if the user is writing some very long text
> into a page that saves the text with Ajax calls.
>
> BTW, the default behavior can actually create more security problems than
> letting the cookie expire with the session. In fact if the user is on a
> public computer and closes the browser to finish his/her session, the
> following user that connects before the 6h limit is going to be able to
> reconnect to the website under the previous user's credentials.
>
> Best, Chris
>
> On Tue, Sep 4, 2012 at 12:19 PM, Chris Cinelli <
> chris.cine...@formativelearning.com> wrote:
>
>> Anybody that knows at least what the expected behavior is?
>> Is it normal that the CAKEPHP cookie has 6h expiration after login and
>> never gets updated?
>>
>> Best,
>>     Chris
>>
>>
>> On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli <
>> chris.cine...@formativelearning.com> wrote:
>>
>>> We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior
>>> also on my Mac running on XAMPP and as far as I know we have always had
>>> this problem.
>>>
>>> I would expect that:
>>>
>>>    1. The session expires after a certain amount of time if there
>>>    are no more calls to the server.
>>>    2. Activity on the server should update the expiring time.
>>>
>>>
>>> Instead we noticed that after a certain amount of time, the user gets
>>> logged out and he has to log back in even if he accessed a page just a
>>> minute before.
>>> I actually even put in a "heartbeat" AJAX call that is being called every 20
>>> minutes that was supposed to prevent the session from expiring, but sessions
>>> keep getting lost.
>>>
>>> Is this the intended behavior?
>>>
>>> If it is not, I am not sure if the problem is on the frontend's cookie or
>>> the backend's session. I noticed that the CAKEPHP cookie has 6h expiration
>>> time since I log in and it never gets renewed.
>>>
>>> Best,
>>>    Chris
>>>
>>>
>>>
>>> --
>>> --Everything should be made as simple as possible, but not simpler
>>> (Albert Einstein)
>>>
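
The behaviour the thread asks for (activity extends the session, closing the browser ends it, the client's clock plays no part), as an added example in plain PHP that is not CakePHP's own code and not code from the thread. The function names, the `last_activity` key and the 30-minute limit are assumptions, and an HTTPS site is assumed for the `secure` cookie flag.

```php
<?php
// Added example in plain PHP; not CakePHP's CakeSession code.
// IDLE_LIMIT, 'last_activity' and both function names are assumptions.
const IDLE_LIMIT = 1800; // assumed idle limit in seconds (30 minutes)

// Pure check against the server clock: returns the refreshed session
// data, or null when the session has been idle longer than the limit.
function touch_session(array $data, int $now, int $limit = IDLE_LIMIT): ?array
{
    if (isset($data['last_activity']) && $now - $data['last_activity'] > $limit) {
        return null;
    }
    $data['last_activity'] = $now; // every request slides the window
    return $data;
}

// Call once at the top of each request, before any output.
function start_sliding_session(): void
{
    // Keep server-side data at least as long as the idle limit.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    // Lifetime 0 = browser-session cookie: no expiry date is sent, so the
    // client's clock is never consulted and closing the browser drops it.
    session_set_cookie_params(0, '/', '', true, true); // secure, httponly
    session_start();

    $fresh = touch_session($_SESSION, time());
    if ($fresh === null) {
        $_SESSION = [];              // idle too long: drop the old login state
        session_regenerate_id(true); // and retire the old session id
        $fresh = touch_session([], time());
    }
    $_SESSION = $fresh;
}

// Constructed timeline, run from the CLI: a request every 20 minutes for 7 hours.
if (PHP_SAPI === 'cli') {
    $s = touch_session([], 0);
    for ($t = 1200; $t <= 7 * 3600; $t += 1200) {
        $s = touch_session($s, $t);
    }
    var_dump($s !== null);                                  // case: active user, 7 hours in
    var_dump(touch_session(['last_activity' => 0], 1801)); // case: idle just past the limit
}
```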
