Holy crap, you people possibly saved my life and/or sanity with this. I signed up at nabble just so I could tell you that. I use cake actions to generate images for image galleries, and since those requests are within the completely arbitrary 2-second time frame for session renews, that's what's been killing our "logged in" sessions. I would be angrier with the cakephp creators, but setting security to "medium" is such a simple fix....
[EMAIL PROTECTED] wrote: > > > Baz, it changed a few months ago for the high setting if I recall > correctly. It bit a few people in the butt at the time. > > See: > https://trac.cakephp.org/changeset/5982 > https://trac.cakephp.org/browser/branches/1.1.x.x/cake/libs/session.php#L536 > ( 1.1 ) > https://trac.cakephp.org/browser/branches/1.2.x.x/cake/libs/session.php#L562 > ( 1.2 ) > > > On Mar 13, 6:42 am, Baz <[EMAIL PROTECTED]> wrote: >> Correct me if I'm wrong, but doesn't the security level just extend the >> time >> the session is active? >> >> On Thu, Mar 13, 2008 at 4:00 AM, DerManoMann <[EMAIL PROTECTED]> wrote: >> >> > Hi all, >> >> > and thanks for your time and input. >> > I tried all three suggestions and the winner is.... >> > Adam and the Security.level! >> >> > I am sure the other suggestions have their place too, but for me >> > setting the security level to medium did the trick. >> >> > Again, thanks (and until my next question ;) >> >> > Cheers, mano >> >> > On Mar 13, 1:45 pm, Adam Royle <[EMAIL PROTECTED]> wrote: >> > > This is just a stab in the dark - if you have >> > > Configure::write('Security.level', 'high') then your session id is >> > > regenerated on each request. If you have simultaneous ajax >> connections >> > > (or are refreshing the browser continually without letting the page >> > > load fully) it seems plausible that your session id could be >> > > regenerated, but the browser wasn't informed, therefore producing an >> > > invalid session. >> >> > > Try setting Security.level = 'medium' to see if this fixes your >> issue. >> >> > > Otherwise do what Chris Hartjes suggests and set Session.checkAgent = >> > > false >> >> > > Cheers, >> > > Adam >> >> > > On Mar 12, 7:48 pm, DerManoMann <[EMAIL PROTECTED]> wrote: >> >> > > > hi there, >> >> > > > I have tried to implement an upload progress bar and found that the >> > > > ajax requests cause the current session to become invalid. >> >> > > > Further experimenting turned out that the same happens by just >> hitting >> > > > reload a few times fast enough. I am using authentication with code >> in >> > > > the app_controller a la: >> >> > > > function beforeFilter(){ >> > > > $this->Auth->loginAction = array('controller' => >> > 'users', 'action' >> > > > => 'login'); >> > > > $this->Auth->loginRedirect = '/; >> > > > $this->Auth->logoutRedirect = '/'; >> >> > > > // use controller's isAuthorized() >> > > > $this->Auth->authorize = 'controller'; >> >> > > > // need active user >> > > > $this->Auth->userScope = array('User.active' => 1); >> > > > } >> >> > > > Basically all is working fine, just a single bit of load (or >> parallel >> > > > requests perhaps?) break it and the user gets a login screen again. >> >> > > > I am using cake_1.2.0.6311-beta on XP, but the same happens on the >> > > > production env. which is some sort of *nix. >> >> > > > Any help much appreciated. >> >> > > > cheers, mano > > > > -- View this message in context: http://www.nabble.com/Cake-1.2-losing-auth-session-under-load-tp16003887p17680643.html Sent from the CakePHP mailing list archive at Nabble.com. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---