Re: Session expiring when Flash file calls controller method in background
Hi all,
I fixed this problem and wanted to share the solution.
After reading other posts I realized this issue is similar to the one
talked about in SWFobject.swf posts on this board. After reading
those threads fixed this by adding some text to
app/config/bootstrap.php to use an existing session, and changing
session.php to work if the user agent is flash. I also had to change
the security to low in core.php.
Added to the bottom of app/config/bootstrap.php
if (isset($_REQUEST[CAKE_SESSION_COOKIE]))
{
session_name(CAKE_SESSION_COOKIE);
session_id($_REQUEST[CAKE_SESSION_COOKIE]);
}
Replaced __checkValid function in cake/session.php with
function __checkValid() {
if ($this-read('Config')) {
if (($this-_userAgent == $this-read(Config.userAgent)
OR $this-__isFlashAgent())
$this-time = $this-read(Config.time))
{
$this-write(Config.time, $this-sessionTime);
$this-valid = true;
} else {
$this-valid = false;
$this-__setError(1, Session Highjacking
Attempted !!!);
$this-destroy();
}
} else {
srand ((double)microtime() * 100);
$this-write(Config.userAgent, $this-_userAgent);
$this-write(Config.time, $this-sessionTime);
$this-write('Config.rand', rand());
$this-valid = true;
$this-__setError(1, Session is valid);
}
}
function __isFlashAgent() {
$flashAgent = array('Shockwave Flash','Adobe Flash Player
9','Adobe Flash Player 8');
foreach ($flashAgent as $agent) {
if (md5($agent. CAKE_SESSION_STRING) == $this-
_userAgent)
return true;
}
}
And finally changed config/core.php
define('CAKE_SECURITY', 'low');
Thanks to everyone who helped, this was a real headache for me. Hope
it helps someone in the future.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
I guess that Flash 9 has got this problem fixed. you can check your module
with flash 9.
Thanks.
On Feb 9, 2008 6:34 AM, skoggins [EMAIL PROTECTED] wrote:
Hmm... looking at core.php I see everything starts with define(...);
Do I need a different syntax then just plopping
Configure::write('Session.checkAgent', false); in there?
On Feb 8, 4:49 pm, Chris Hartjes [EMAIL PROTECTED] wrote:
On Feb 8, 2008 7:31 PM, skoggins [EMAIL PROTECTED] wrote:
Hi guys,
Quick question. Where is Configure::write('Session.checkAgent',
false); supposed to go? In config/core.php or in the controller
action?
Thanks.
Well, if you want it application-wide than put it in config/core.php.
--
Chris Hartjes
Internet Loudmouth
Motto for 2008: Moving from herding elephants to handling snakes...
@TheKeyBoard:http://www.littlehart.net/atthekeyboard
--
Thanks Regards,
Novice (http://ishuonweb.wordpress.com/).
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hi guys,
Quick question. Where is Configure::write('Session.checkAgent',
false); supposed to go? In config/core.php or in the controller
action?
Thanks.
On Feb 4, 3:48 pm, skoggins [EMAIL PROTECTED] wrote:
Ok. Thanks!
On Feb 4, 2:20 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Yeah, that's definitely the problem... I ran across someone else
discussing it recently as well. When Flash does a POST it uses an
agent string of Flash Player or similar instead of the browser's
user-agent (no idea why).
Only way to work around it is to change Cake so that it doesn't
consider user-agent when checking sessions. So, you've got to upgrade
or find the part of the session source code that checks the agent and
comment that out (no idea, I'm using 1.2beta).
Troy.
On Feb 4, 2008 3:53 PM, skoggins [EMAIL PROTECTED] wrote:
I found out some more info about the problem. It only logs me out
when I do a POST from Flash. Get works fine. I haven't been able
to upgrade to 1.1.19 yet so I can't try:
Configure::write('Session.checkAgent', false);
Troy, my flash player is version 8,0,22,0 and I am running XP.
Does this still sound like the same problem? Is there a fix without
having to upgrade?
Thanks.
On Jan 30, 3:15 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Configure::write('Session.checkAgent', false);
Yes, that's most likely it. While the agent should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.
Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?
Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
When I put it in config/core.php it gives me:
Fatal error: Class 'Configure' not found
in both version 1.1.18.5850 and 1.1.19.6350.
When I put it in the controller it doesn't throw an error but doesn't
fix the problem either. Configure::version(); works in the controller
so I'm assuming I have access to the class.
Any ideas why this is? Thanks for the help, this is driving me
insane.
On Feb 8, 4:49 pm, Chris Hartjes [EMAIL PROTECTED] wrote:
On Feb 8, 2008 7:31 PM, skoggins [EMAIL PROTECTED] wrote:
Hi guys,
Quick question. Where is Configure::write('Session.checkAgent',
false); supposed to go? In config/core.php or in the controller
action?
Thanks.
Well, if you want it application-wide than put it in config/core.php.
--
Chris Hartjes
Internet Loudmouth
Motto for 2008: Moving from herding elephants to handling snakes...
@TheKeyBoard:http://www.littlehart.net/atthekeyboard
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hmm... looking at core.php I see everything starts with define(...);
Do I need a different syntax then just plopping
Configure::write('Session.checkAgent', false); in there?
On Feb 8, 4:49 pm, Chris Hartjes [EMAIL PROTECTED] wrote:
On Feb 8, 2008 7:31 PM, skoggins [EMAIL PROTECTED] wrote:
Hi guys,
Quick question. Where is Configure::write('Session.checkAgent',
false); supposed to go? In config/core.php or in the controller
action?
Thanks.
Well, if you want it application-wide than put it in config/core.php.
--
Chris Hartjes
Internet Loudmouth
Motto for 2008: Moving from herding elephants to handling snakes...
@TheKeyBoard:http://www.littlehart.net/atthekeyboard
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Yeah, that's definitely the problem... I ran across someone else
discussing it recently as well. When Flash does a POST it uses an
agent string of Flash Player or similar instead of the browser's
user-agent (no idea why).
Only way to work around it is to change Cake so that it doesn't
consider user-agent when checking sessions. So, you've got to upgrade
or find the part of the session source code that checks the agent and
comment that out (no idea, I'm using 1.2beta).
Troy.
On Feb 4, 2008 3:53 PM, skoggins [EMAIL PROTECTED] wrote:
I found out some more info about the problem. It only logs me out
when I do a POST from Flash. Get works fine. I haven't been able
to upgrade to 1.1.19 yet so I can't try:
Configure::write('Session.checkAgent', false);
Troy, my flash player is version 8,0,22,0 and I am running XP.
Does this still sound like the same problem? Is there a fix without
having to upgrade?
Thanks.
On Jan 30, 3:15 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Configure::write('Session.checkAgent', false);
Yes, that's most likely it. While the agent should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.
Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?
Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Ok. Thanks!
On Feb 4, 2:20 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Yeah, that's definitely the problem... I ran across someone else
discussing it recently as well. When Flash does a POST it uses an
agent string of Flash Player or similar instead of the browser's
user-agent (no idea why).
Only way to work around it is to change Cake so that it doesn't
consider user-agent when checking sessions. So, you've got to upgrade
or find the part of the session source code that checks the agent and
comment that out (no idea, I'm using 1.2beta).
Troy.
On Feb 4, 2008 3:53 PM, skoggins [EMAIL PROTECTED] wrote:
I found out some more info about the problem. It only logs me out
when I do a POST from Flash. Get works fine. I haven't been able
to upgrade to 1.1.19 yet so I can't try:
Configure::write('Session.checkAgent', false);
Troy, my flash player is version 8,0,22,0 and I am running XP.
Does this still sound like the same problem? Is there a fix without
having to upgrade?
Thanks.
On Jan 30, 3:15 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Configure::write('Session.checkAgent', false);
Yes, that's most likely it. While the agent should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.
Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?
Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
I found out some more info about the problem. It only logs me out
when I do a POST from Flash. Get works fine. I haven't been able
to upgrade to 1.1.19 yet so I can't try:
Configure::write('Session.checkAgent', false);
Troy, my flash player is version 8,0,22,0 and I am running XP.
Does this still sound like the same problem? Is there a fix without
having to upgrade?
Thanks.
On Jan 30, 3:15 pm, Troy Gilbert [EMAIL PROTECTED] wrote:
Configure::write('Session.checkAgent', false);
Yes, that's most likely it. While the agent should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.
Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?
Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Configure::write('Session.checkAgent', false);
Yes, that's most likely it. While the agent should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.
Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?
Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Session expiring when Flash file calls controller method in background
Hi all, I have a problem with a Flash file calling a function in my controller using send and load. After the fcn is called and the database is updated the Session no longer exists for some reason. Has anyone had a problem like this? Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Yes, I had the same issue. I traced the problem to the CakeSession
component and hacked the core to fix mine, however I think they have
fixed this in newer builds. I *think* this should work.
Configure::write('Session.checkAgent', false);
Adam
On Jan 31, 8:32 am, skoggins [EMAIL PROTECTED] wrote:
Hi all,
I have a problem with a Flash file calling a function in my controller
using send and load. After the fcn is called and the database is
updated the Session no longer exists for some reason. Has anyone had
a problem like this?
Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hi Adam,
Thanks, I'm glad I'm not just crazy. I put that line of code in
config/core.php but it tells me undefined class 'configure' . Is
this supported in 1.1? because that is what I am using.
Thanks!
On Jan 30, 2:45 pm, Adam Royle [EMAIL PROTECTED] wrote:
Yes, I had the same issue. I traced the problem to the CakeSession
component and hacked the core to fix mine, however I think they have
fixed this in newer builds. I *think* this should work.
Configure::write('Session.checkAgent', false);
Adam
On Jan 31, 8:32 am, skoggins [EMAIL PROTECTED] wrote:
Hi all,
I have a problem with a Flash file calling a function in my controller
using send and load. After the fcn is called and the database is
updated the Session no longer exists for some reason. Has anyone had
a problem like this?
Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Update to the latest version of 1.1 and it should work (r 6305).
On Jan 31, 1:54 pm, skoggins [EMAIL PROTECTED] wrote:
Hi Adam,
Thanks, I'm glad I'm not just crazy. I put that line of code in
config/core.php but it tells me undefined class 'configure' . Is
this supported in 1.1? because that is what I am using.
Thanks!
On Jan 30, 2:45 pm, Adam Royle [EMAIL PROTECTED] wrote:
Yes, I had the same issue. I traced the problem to the CakeSession
component and hacked the core to fix mine, however I think they have
fixed this in newer builds. I *think* this should work.
Configure::write('Session.checkAgent', false);
Adam
On Jan 31, 8:32 am, skoggins [EMAIL PROTECTED] wrote:
Hi all,
I have a problem with a Flash file calling a function in my controller
using send and load. After the fcn is called and the database is
updated the Session no longer exists for some reason. Has anyone had
a problem like this?
Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
