Baz, Your steps above are what I see in my testing as well.I also noticed that when my session times out, auth.redirect was always set in the new session I'd see when hitting step #4. So I did this in my Users- >login method: function login() { $this->disableCache(); if ($this->Auth->user()) { //if the redirect was due to a failed /admin* page, then set redirect to login page if (stristr($this->Session->read('Auth.redirect'), 'admin') === TRUE) { $this->Session->write('Auth.redirect', '/users/login'); } //set some stuff for my app then... $this->redirect($this->Auth->redirect()); } else { if ($this->Session->check('Auth.redirect')) { if (!($this->Session->check('Message.flash') || $this->Session- >check('Message.auth'))){ $this->Session->setFlash(__('Your session has timed out. Please log in again.', true)); } } } } It seems to handle the case I started this thread with. I'm fairly new, so it may not be elegant or ideal. I'm learning on the go here, so any comments given are helpful. --Jeremy
On Feb 20, 7:35 pm, Baz <[EMAIL PROTECTED]> wrote: > OK, > > I've confirmed it with $this->Session->valid(). The problem is the redirects > to the login page. Let me explain: > > 1. We're logged in. This creates a session. > 2. Session expires. > 3. We try to access somewhere else, we jump into beforeFilter(), where > Session is invalid. > 4. We are then redirected to the login page, back into beforeFilter(), > this time with a fresh new session and no flash messages. > > You can test with this dirt simple example: > > 1. Set sessions in core to expire quickly (for testing) 10 seconds. > 2. Try to access restricted area (eg. Pages). You enter the > beforeFilter() for the pages controller, with a new session. Then forwarded > to the Users controller on the same session. Everything is fine. Flash > Displays. > 3. Let session expire. > 4. Point browser to restricted area (not using the back button). > Session is expired so, flash msg. not written properly. > 5. Redirected to Users controller for login on fresh session with no > flash. > > Any ideas? > > On Wed, Feb 20, 2008 at 5:20 PM, Baz <[EMAIL PROTECTED]> wrote: > > They wanted something slightly different in that ticket. And I believe the > > functionality they wanted is already in $this->Session->valid()... > > > I *think* my problem is that beforeFilter() is run twice: once with the > > invalid session, then another time for another redirect, with a new Session. > > So when the new session starts, I have no information about the old session. > > All the flash messages that have been set, get reset.... > > > I think... > > > On Wed, Feb 20, 2008 at 2:19 PM, lemp <[EMAIL PROTECTED]> wrote: > > > > A ticket was opened a few months ago and was set to "wontfix". > > > >https://trac.cakephp.org/ticket/3404 > > > > But I do agree this is quite annoying. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---