Much better :)

I've also experienced problems with sessions expiring with Auth:
http://groups.google.com/group/cake-php/browse_thread/thread/91c716ad396513e1/2c744b3bedde6781?lnk=gst&q=session+expire+auth#2c744b3bedde6781

Bottom line, there's not much that can be done. Apparently, the "session"
seems to be written to the old one, and when we redirect, certain things get
re-written or something.

Who knows, maybe it's expected behavior (based on the way sessions work).
I've just resorted to using cookies when I want to be positive about what's
going on. Also, keep in mind that for any page load (per controller),
beforeFilter() can be run multiple times (redirects), but beforeRender()
only once.

Not sure if this helps you or not. But hey, if the session expires, chances
are the user can't remember where they wanted to go anyway :)

On Mon, Feb 25, 2008 at 2:31 AM, [EMAIL PROTECTED] <
[EMAIL PROTECTED]> wrote:

>
>
> The reason I did not post any code is that it is pretty much straight
> out of the popular tutorials linked to in Frequent Discussions.
> It is pretty stripped down now that I have started poking around. No
> ACL or anything like that.
>
> The "wrong page" is defined as: not the page that AuthComponent is
> designed to send me to (as I understand the code in Auth at least).
> AuthComponent writes an URL to the Session but is subsequently unable
> to find that URL in the Session on next request (when the login page
> is requested).
>
> I am not externally feeding Auth with a redirection URL. The problem I
> have found is the internal redirection-setup inside the Component.
>
> around line 311 (may be off since I have added and removed a few log-
> lines in my file by now.) we have this code-block:
> if (!$this->user()) {
>        if (!$this->RequestHandler->isAjax()) {
>                $this->Session->setFlash($this->authError, 'default', array(), 'auth');
>                $this->Session->write('Auth.redirect', $url);
>                $controller->redirect($this->loginAction, null, true);
>                return false;
> ...
> As I read this here is where Auth writes the current URL (which is
> determined about 30 lines above) to the Session and then redirects to
> the login page. Next when we are on the login page we end up at line
> 288 (or close to it) where we find this:
>
> if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
>        if (!$this->Session->check('Auth.redirect') && env('HTTP_REFERER')) {
>                $this->Session->write('Auth.redirect', $controller->referer());
>        }
>        return false;
> }
> My read: If we have no posted data we check for a stored redirect in
> the session. If none is found but we do have a referer then write that
> to the session.
>
> The funny thing here is that every time we let a session expire these
> two bits of code are both run (I have log-lines to read the
> redirection values) and both write to the Session. This is what leads
> me to believe that the session is deleted between these statements and
> that this is a bug or problem of some kind.
>
> The easiest way to test this for yourself is to set the session TTL to
> 10s or something really quick.
> Request a page and wait for session to time out.
> Click a link.
> Enter your login data on the login-page you are redirected to.
> Watch where you are redirected to after login.
>
> I believe you should end up on the page you clicked for but I always
> end up on the page I "was on" when I clicked.
> Redirects work just as I expect when there is no existing session
> (fresh browser or no timeout). This only happens when a session times
> out and you then directly access a protected page.
>
>
> Here is my auth-code for you to take a look at. It is pretty simple:
> app_controller->beforeFilter:
>
> if ( isset($this->Auth) )
> {
>        $this->Auth->fields = array('username' => 'email', 'password' => 'password');
>        $this->Auth->loginAction = '/users/login';
>        $this->Auth->autoRedirect = true;
>        $this->Auth->loginRedirect = '/';
>        $this->Auth->logoutRedirect = '/';
>
>        if (in_array(low($this->params['controller']), $this->publicControllers))
>        {
>                $this->Auth->allow();
>        }
>        $this->set('auth', $this->Auth->user() );
> }
>
>
> users_controller:
> function login()
> {
>        $this->pageTitle = 'login_heading';
> }
>
> function logout()
> {
>        $this->Session->setFlash( $this->Lang->show('login_logout'), 'default', array(), 'ok');
>        $this->redirect($this->Auth->logout());
> }
>
>
>
>
>
> On Feb 23, 12:01 am, Baz <[EMAIL PROTECTED]> wrote:
> > You can't make statements like "wrong page" etc, if no one has a clue as to
> > what your setup is. At least show your Auth setup.
> >
> > I haven't experienced your issues (I'm not even sure what your issues are),
> > but there is some funny behavior when the session expires.
> >
> > Basically, I lose my Flash Message when trying to access a restricted area.
> > This is because there are multiple redirects and the flash is written to an
> > "invalid" session. Read all the yummy goodness:
> >
> > http://groups.google.com/group/cake-php/browse_thread/thread/91c716ad...
> >
> > On Fri, Feb 22, 2008 at 3:21 PM, [EMAIL PROTECTED] <
> >
> > [EMAIL PROTECTED]> wrote:
> >
> > > Hi,
> > > I got interested in poking around in AuthComponent since I found some
> > > odd redirecting when sessions expire. Have I managed to cause this
> > > somehow or is this a problem known to you all? I have read a lot about
> > > strange redirections but my problem has been boiled down to a very
> > > specific behavior.
> >
> > > When I login I get redirected to the wrong page.
> > > If I am on a page, let the session expire, and then click a link: I
> > > expect to be redirected to the page I clicked for after login. What
> > > happens is that I am redirected to the page I was on when I clicked.
> >
> > > If I type an url or refresh (no referer) a page that has expired: I am
> > > redirected to the default page set in Auth.
> >
> > > What happens is that Auth writes the current url to the session (as
> > > Auth.redirect) before redirecting to the login action. This session is
> > > then "renewed". At least I guess so since the session data is empty
> > > when the login action checks for the value. The session-data is then
> > > written again using the "wrong" referer.
> >
> > > I have checked all this by logging each time Auth refers to
> > > 'Auth.redirect'. Auth does not actively kill the session so it is hard
> > > to decide if Auth or the Session-class is to blame.
> >
> > > I haven't found out exactly where the session-data is being deleted.
> > > SessionComponent calls destroy before the first Session-write in Auth
> > > but not between the first write and the login-action. I thought you
> > > could kill a session and start a new one in mid-request so to speak?
> >
> > > It is getting late in my part of the world now. I'll add to this
> > > thread if/when I find anything else related to this.
> >
>
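
The redirect sequence discussed in this thread, as an added example that is not part of the original messages or of CakePHP: a toy PHP model of the two quoted AuthComponent branches. It assumes, following the poster's hypothesis, that data written during the request that carries the expired session is lost and the login page sees a fresh session; the session ids, URLs and function names are constructed for illustration.

```php
<?php
// Added illustration, not CakePHP code. Assumption (the poster's hypothesis):
// whatever is written while handling a request with an expired session id is
// discarded, and the browser reaches the login page with a new, empty session.

const LOGIN_REDIRECT = '/';   // $this->Auth->loginRedirect from the posted setup

/** Branch "around line 311": protected page requested, no logged-in user. */
function protectedRequest(array &$store, string $sid, string $url, bool $expired): string
{
    $store[$sid]['Auth.redirect'] = $url;   // Session->write('Auth.redirect', $url)
    if ($expired) {
        unset($store[$sid]);                // assumed: the expired session is dropped
        $sid = 'sid-renewed';               // constructed id for the replacement session
        $store[$sid] = [];
    }
    return $sid;                            // id the browser presents at the login page
}

/** Branch "around line 288": login page requested without posted data. */
function loginPageRequest(array &$store, string $sid, ?string $referer): void
{
    if (!isset($store[$sid]['Auth.redirect']) && $referer !== null) {
        $store[$sid]['Auth.redirect'] = $referer;
    }
}

/** Page the user lands on after a successful login, for one scenario. */
function landingPage(string $clicked, ?string $referer, bool $expired): string
{
    $store = ['sid-old' => []];
    $sid = protectedRequest($store, 'sid-old', $clicked, $expired);
    // The browser follows the redirect and still sends the referer of the page
    // the user was on when clicking, not the protected page that redirected.
    loginPageRequest($store, $sid, $referer);
    return $store[$sid]['Auth.redirect'] ?? LOGIN_REDIRECT;
}

// Constructed URLs covering the three cases described in the thread.
printf("live session:        %s\n", landingPage('/reports/view', '/dashboard', false));
printf("expired + referer:   %s\n", landingPage('/reports/view', '/dashboard', true));
printf("expired, no referer: %s\n", landingPage('/reports/view', null, true));
```

If the assumption holds, logging the session id next to each read and write of 'Auth.redirect' would show a different id on the login request than on the request that redirected to it.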
