Re: Authentication and multiple ajax request

2015-01-17 Thread euromark
Well, what you are doing there is pretty wrong in the first place.
Calling login($data) directly logs in whatever you send it (see the docs
for details), rendering a form login process invalid and insecure.
You should, just as with any other non-ajax request, properly use the Auth
adapters to log that person in, thus preventing it from being called twice.
Because if your wrong login() call does work the first time (as it always
does with whatever data you feed it), the second one then fails because that
person is already logged in. This can and should be caught beforehand and the
login process then aborted with the message "already logged in".

mark



On Saturday, 17 January 2015 07:12:45 UTC+1, Ryan de Haast wrote:
>
> Hi All
>
> I recently discovered that cake authentication class does not like 
> multiple ajax requests.
>
> While recently testing my app, I found it would return a 403 error the 
> moment I do multiple ajax requests on a logged in user.
>
> I managed to narrow it down to the following code:
>
>
> $auth = $this->Session->read("Auth");
> $this->Auth->login($auth);
> $this->Session->write("Auth",$auth);
>
> The Auth session variable would contain all the login details based on the 
> user.
>
> The above code is in the beforeFilter function within my AppController. 
> Upon debugging, the first ajax attempt would send the $auth variable through 
> to the $this->Auth->login($auth); however, every other ajax event would fail, 
> resulting in a 403 error being returned.
> After much debugging I managed to discover the above. I checked on every 
> test run whether the session variable returned any data and whether the 
> session data was passed through to isAuthorized function in the same 
> controller.
>
> The session data was never empty, but would only enter the isAuthorized 
> function on the first ajax event, but not on the consecutive ajax events.
>
> Would anybody know a solution to this problem?
>

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
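
The pattern the reply above describes, as an added example that is not code from either poster or from the CakePHP project: no login() call in beforeFilter, the Form adapter verifying posted credentials, and an "already logged in" check before the login runs. It assumes CakePHP 2.x (2.3 or later for redirectUrl()); the UsersController name, the flash messages and the isAuthorized() rule are hypothetical.

```php
<?php
// Added example (CakePHP 2.x assumed). In a real app each class lives in its
// own file under app/Controller; they are shown together here for brevity.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array('Form'),       // adapter checks the credentials
            'authorize'    => array('Controller'), // isAuthorized() runs per request
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // No $this->Auth->login($data) here: AuthComponent already restores the
        // logged-in user from the session on every request, ajax or not.
        $this->Auth->allow('login');
    }

    public function isAuthorized($user) {
        // Hypothetical rule: any authenticated user record is authorized.
        return !empty($user['id']);
    }
}

class UsersController extends AppController {
    public function login() {
        if ($this->Auth->user()) {
            // Caught beforehand: abort instead of logging in a second time.
            $this->Session->setFlash(__('already logged in'));
            return $this->redirect($this->Auth->redirectUrl());
        }
        if ($this->request->is('post')) {
            // Called with no argument, login() hands the request to the
            // configured adapter; login($data) would accept $data unverified.
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash(__('Invalid username or password'));
        }
    }
}
```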


Authentication and multiple ajax request

2015-01-17 Thread Ryan de Haast
Hi All

I recently discovered that cake authentication class does not like multiple 
ajax requests.

While recently testing my app, I found it would return a 403 error the 
moment I do multiple ajax requests on a logged in user.

I managed to narrow it down to the following code:


$auth = $this->Session->read("Auth");
$this->Auth->login($auth);
$this->Session->write("Auth",$auth);

The Auth session variable would contain all the login details based on the 
user.

The above code is in the beforeFilter function within my AppController. 
Upon debugging, the first ajax attempt would send the $auth variable through 
to the $this->Auth->login($auth); however, every other ajax event would fail, 
resulting in a 403 error being returned.
After much debugging I managed to discover the above. I checked on every 
test run whether the session variable returned any data and whether the 
session data was passed through to isAuthorized function in the same 
controller.

The session data was never empty, but would only enter the isAuthorized 
function on the first ajax event, but not on the consecutive ajax events.

Would anybody know a solution to this problem?
