At security level high CakePHP creates a new session id for each
request (often enough anyway). This behaviour might be causing you
problems using Ajax. The intermittent aspect of the problem is because
ajax will be fine as long as you don't make use of the A too much.

Cake will only allow one concurrent request from the same session. If
you send a second request to the server without the first having
returned (and updated the session id in the browser) you will be
sending an old "used" session id and Cake will think you are a hacker
and shut you down.

So in practice whenever you use ajax you set the level to medium and
live with it. Maybe someone has built some kind of queue system for
Prototype or jQuery, I don't know.


Initial page load
Cake id=1 => Browser id=1

link clicked
Browser id=1 => Cake gets 1 and changes to 2 => Browser gets=2

ajax update and link clicked "at the same time"
Browser id=2 => Cake gets 2 and changes to 3 => Browser gets=3
Browser id=2 => Cake gets 2 again, gets upset and flips you off :)


Apart from the session timeout time, this is afaik the only difference
between high and medium security level.

The other thing to beware of in relation to this is the Security
component and the way it protects forms. You will almost certainly get
locked out if you submit forms using ajax to update something... since
each form will contain a hash and can only be sent once.

/Martin


On Sep 9, 4:35 am, learning_cake_php <lunaro...@gmail.com> wrote:
> I don't think I'm the only one who has asked this question, but I just wanted to
> be sure
> that the solutions I found on the net are correct and secure..
> My problem is that when I do an ajax call, sometimes my session is lost and
> sometimes it's not.. Say, for instance, I have a textbox where every time
> the value is changed the ajax call is triggered. Sometimes the session
> I just set
> is lost, then when I type again in the textbox, the session is not
> lost..
>
> Some solutions say that I have to:
> Set Configure::write('Security.level', 'medium');
>
> Well, I haven't tried it though, but they said it will not destroy the
> session when
> the browser is being closed, which is not good..
>
> Is there any way around this?
> I'm using Cake 1.2..
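
The race described in the reply above, and the kind of client-side queue it mentions, as an added example that is not part of the original thread and not CakePHP code. It is a simplified JavaScript model in which the server rotates the session id on every request; the names `makeServer`, `makeClient` and `makeQueue` are hypothetical and an integer stands in for the session id.

```javascript
// Simplified model of the behaviour described in the post: the server
// issues a fresh session id on every request and rejects a stale one.
// All names are hypothetical; this is not CakePHP code.
function makeServer() {
  let current = 1;
  return {
    initialId: current,
    handle(sentId) {
      // Latency lets two requests overlap, as with a fast-typing user.
      return new Promise((resolve) => setTimeout(() => {
        if (sentId !== current) return resolve({ ok: false, id: null });
        current += 1;                       // rotate the id
        resolve({ ok: true, id: current }); // browser receives the new id
      }, 10));
    },
  };
}

// Browser side: holds the "cookie" and sends whatever id it has right now.
function makeClient(server) {
  const client = { cookie: server.initialId };
  client.send = async () => {
    const res = await server.handle(client.cookie);
    if (res.ok) client.cookie = res.id;
    return res.ok;
  };
  return client;
}

// Serial queue: each request starts only after the previous one settled,
// so the cookie is always up to date when the next request goes out.
function makeQueue() {
  let tail = Promise.resolve();
  return (task) => {
    const run = tail.then(() => task());
    tail = run.catch(() => {}); // a failed task must not stall the queue
    return run;
  };
}

async function demo() {
  const a = makeClient(makeServer());
  const concurrent = await Promise.all([a.send(), a.send()]); // both send id 1
  const b = makeClient(makeServer());
  const enqueue = makeQueue();
  const queued = await Promise.all([enqueue(b.send), enqueue(b.send)]);
  return { concurrent, queued };
}

demo().then((r) => console.log(r));
```

The queue trades responsiveness for correctness: requests fired on every keystroke wait behind each other, so debouncing the input before enqueueing keeps the backlog short.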