Saw this note from phpnut in bug #3507 on trac:
=============
Added id() to Session helper and component to return current Session
id, the component accepts a $id parameter to force setting the Session
id which must be called in a Controller::beforeFilter().
Sessions id are not longer renewed if a request is from Ajax, or from
requestAction();
When Security.level (1.2) or CAKE_SECURITY (1.1) is set the 'high'
renewing of Session id only happens if request is 2 seconds after the
last request.
Added $_Session[Config][timeout] which forces renewing Session if
request are within the 2 second limit and over 10 request. If an
application is expected to make multiple request (more than 10) to the
server in a single proccess, Configure::write('Security.level',
'medium'); (1.2) or $this->Session->security = 'medium'; (1.1) should
be used in a beforeFilter for the specific methods.
=============
Anyone understand what this means for ajax requests when CAKE_SECURITY
is high in 1.18? Do we need to change any of our session handling and/
or ajax code?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
