Re: Auth/Twitter/Safari issues - logged out of my Cake site after authenticating with Twitter, only on Safari

2010-03-12 Thread mixed blessing
Well, I spent a bit more time on this, and narrowed it down to
ini_set('session.referer_check', $this->host);, which I guess is about
the only difference between medium and low security (except cookie
duration).  When I remove the line from cake/libs/session.php (from
the 'medium' case), everything is fine.  Not sure why this problem
only presents on Safari, and not exactly sure what solution I'll
choose to address it, but at least I better understand my options.

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
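
Added example, not part of the original posts and not CakePHP's own code: a PHP model of the documented `session.referer_check` rule (a Referer that was sent but does not contain the configured substring invalidates the incoming session id), applied to a constructed OAuth round trip. The host names and the `sessionIdSurvives` helper are assumptions for illustration.

```php
<?php
// Model of the documented session.referer_check behaviour (illustration only,
// not PHP's or CakePHP's source). Returns true when the incoming session id
// would still be accepted for a request carrying the given Referer header.
function sessionIdSurvives(string $refererCheck, ?string $referer): bool
{
    if ($refererCheck === '') {
        return true;   // check disabled (PHP's default setting)
    }
    if ($referer === null || $referer === '') {
        return true;   // client sent no Referer, so there is nothing to compare
    }
    // Plain substring match on the whole header value, not an origin comparison.
    return strpos($referer, $refererCheck) !== false;
}

// Constructed sample data: hypothetical site host and placeholder provider URL.
$host = 'www.example.com';
$requests = [
    ['login form submitted',                   'http://www.example.com/users/login'],
    ['user clicks the connect button',         'http://www.example.com/users/edit'],
    ['callback, Referer is the provider page', 'https://provider.example/oauth/authorize'],
    ['callback, browser sent no Referer',      null],
    ['foreign URL that contains the host',     'http://other.example/?q=www.example.com'],
];

foreach ($requests as [$label, $referer]) {
    $kept = sessionIdSurvives($host, $referer);
    printf(
        "%-40s %-42s %s\n",
        $label,
        $referer ?? '(none)',
        $kept ? 'session kept' : 'session id discarded'
    );
}
```

Only the third row loses its session, which matches a logout that appears exactly at the callback. The last row passes because the rule is a substring match on the header, so it is not an origin check.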


Auth/Twitter/Safari issues - logged out of my Cake site after authenticating with Twitter, only on Safari

2010-02-23 Thread mixed blessing
I'm afraid sessions and auth is a place where I never get the big
picture, so any advice on where to start looking for a solution for
this issue would be much appreciated.

I have a site running with CakePHP, and these are the components I use
in the user controller:
'AutoLogin','Auth','Session','Cookie','Upload','Email','RequestHandler'

I'm using EPITwitter (by Jaisen Mathai) to retrieve the OAuth token
from a user's Twitter account so that I can tweet information for them.
On Firefox, everything is fine; a user logs in to the CakePHP site,
hits the button to connect to Twitter (this leaves the site to load a
Twitter page), clicks Allow, and Twitter calls my callback url with
the OAuth token for me to store, all is good.

However, on Safari, after the user hits 'Allow' on the Twitter site,
the callback url is called, but they are automatically logged out of
my site. I don't know why the session is lost. You can return to the
site and everything is fine up until the callback url is called; my
assumption is that Twitter does something that affects my session, but
I don't know what.

If I go to core.php and reduce Security to 'low' (it's already on
medium), everything works fine, but I'm not familiar enough with
security to judge if that's acceptable. Also, if the user clicks the
checkbox that activates AutoLogin (making the session persistent),
then things work fine as well.

I tried changing my sessionKey from 'Auth' to something else in case
there's some kind of conflict, but it just breaks my login altogether,
and I'm not sure it's a valid solution anyway (if it is, I'll invest
more time in figuring it out).

Any tips at all would be most welcome.
