BTW, another problem of setting the cookie in 6 hours is that if the user has a clock that is not synced (i.e. more than 6 hours ahead), the browser will expire the session cookie and the user cannot stay logged in.
Best,
Chris

On Tue, Sep 4, 2012 at 3:07 PM, Chris Cinelli <chris.cine...@formativelearning.com> wrote:

> It looks like the code is in CakeSession.php
>
> I think I solved the cookie expiration problem with this in the core.php:
>
>     Configure::write('Session', array(
>         'defaults' => 'php',
>         'cookieTimeout' => 0, // Lives until the browser is closed.
>         'checkAgent' => false // To fix a little the Chrome Frame problem
>     ));
>
> Pretty much all main websites manage the session expiration using a session
> cookie (that gets removed when the browser is closed). Exceptions are
> websites that keep you logged in, like Facebook. They set the cookie
> expiration to a month after login (but the user actually has to check the
> box - "keep me logged in").
>
> I think though that setting by default the cookie expiration to 6h (I
> think it is the PHP session default) and NEVER updating it is a *BUG*. If
> the user is on the website for 6h, he should not be forced to log in
> again. This is a major problem if the user is writing some very long text
> into a page that saves the text with Ajax calls.
>
> BTW, the default behavior can actually create more security problems than
> letting the cookie expire with the session. In fact, if the user is on a
> public computer and closes the browser to finish his/her session, the
> following user that connects before the 6h limit is going to be able to
> reconnect to the website under the previous user's credentials.
>
> Best, Chris
>
> On Tue, Sep 4, 2012 at 12:19 PM, Chris Cinelli <chris.cine...@formativelearning.com> wrote:
>
>> Anybody that knows at least what the expected behavior is?
>> Is it normal that the CAKEPHP cookie has 6h expiration after login and
>> never gets updated?
>>
>> Best,
>> Chris
>>
>> On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli <chris.cine...@formativelearning.com> wrote:
>>
>>> We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior
>>> also on my Mac running on XAMPP and as far as I know we have always had
>>> this problem.
>>>
>>> I would expect that:
>>>
>>> 1. The session expires after a certain amount of time if there
>>>    are no more calls to the server.
>>> 2. Activity on the server should update the expiring time.
>>>
>>> Instead we noticed that after a certain amount of time, the user gets
>>> logged out and he has to log back in even if he accessed a page just a
>>> minute before.
>>> I actually even put in a "heartbeat" AJAX call that is called every 20
>>> minutes that was supposed to prevent the session from expiring, but
>>> sessions keep getting lost.
>>>
>>> Is this the intended behavior?
>>>
>>> If it is not, I am not sure if the problem is on the frontend's cookie or
>>> the backend's session. I noticed that the CAKEPHP cookie has 6h expiration
>>> time since I log in and it never gets renewed.
>>>
>>> Best,
>>> Chris
>>>
>>> --
>>> --Everything should be made as simple as possible, but not simpler
>>> (Albert Einstein)
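
An added example, not part of the thread and not CakePHP code: it contrasts the fixed 6h deadline reported above with a server-side idle timeout that is refreshed on every request, which is what lets the browser cookie be a session cookie (`cookieTimeout` 0) without relying on the client clock. The function names, the `login_at` / `last_seen` keys and the timeline are assumptions made up for the illustration.

```php
<?php
// Added example. All names are hypothetical; the timeline is constructed.
const IDLE_LIMIT = 6 * 3600; // seconds of inactivity allowed

// Fixed deadline: expiry is stamped once at login and never moved,
// which is the behaviour reported in this thread.
function fixedDeadlineValid(array $session, int $now): bool
{
    return $now < $session['login_at'] + IDLE_LIMIT;
}

// Sliding deadline: the server compares against the last request time and
// refreshes it on every valid request. Expiry is decided on the server, so
// a skewed client clock or a reopened browser does not change the outcome.
function slidingDeadlineValid(array &$session, int $now): bool
{
    if (!isset($session['last_seen']) || $now - $session['last_seen'] >= IDLE_LIMIT) {
        $session = []; // drop server-side state; the user must log in again
        return false;
    }
    $session['last_seen'] = $now;
    return true;
}

// Constructed timeline: login at t=0, then a heartbeat every 20 minutes for 7 hours.
$fixed = ['login_at' => 0];
$sliding = ['last_seen' => 0];
$fixedLostAt = null;
$slidingLostAt = null;
for ($t = 1200; $t <= 7 * 3600; $t += 1200) {
    if ($fixedLostAt === null && !fixedDeadlineValid($fixed, $t)) {
        $fixedLostAt = $t;
    }
    if ($slidingLostAt === null && !slidingDeadlineValid($sliding, $t)) {
        $slidingLostAt = $t;
    }
}
printf("fixed deadline lost at:   %s\n", $fixedLostAt === null ? 'never' : ($fixedLostAt / 3600) . 'h');
printf("sliding deadline lost at: %s\n", $slidingLostAt === null ? 'never' : ($slidingLostAt / 3600) . 'h');

// Once the heartbeats stop, the sliding session ends after IDLE_LIMIT of silence.
$lastRequest = 7 * 3600;
var_dump(slidingDeadlineValid($sliding, $lastRequest + IDLE_LIMIT - 1)); // one second inside the limit
var_dump(slidingDeadlineValid($sliding, $lastRequest + 2 * IDLE_LIMIT)); // well past the limit
```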