Re: Before filter, the session falls

2008-11-04 Thread mcphisto

Ok,
I tried to set Cake security to a medium level, and now it works
correctly.
Thanks to all.


Re: Before filter, the session falls

2008-11-03 Thread mcphisto

Ok, maybe this is the problem. I experienced sessions falling when
using live search or when opening blank pages. Now I changed the
configuration in core.php as in the article suggested by monmonja.
Very good and clear article. Now I'll try it and then I'll tell you.

Thank you.


Re: Before filter, the session falls

2008-11-03 Thread monmonja

You could probably look at this 
http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Before filter, the session falls

2008-11-03 Thread [EMAIL PROTECTED]

There have been scattered reports from people experiencing
unpredictable loss of sessions.
I have noticed this myself at times.

What I understood about it was that the problem stems from the level
of security set in Cake's config. When it is set "too high" you can
accidentally be caught "hacking your own app" so to speak. The phrase
"too high" is definitely poorly chosen and should not be taken to mean
that most of us should lower our default security settings.

An example of what can happen: You have a page doing periodic ajax
calls. You click a link during the time Cake is processing one of
these ajax calls. Your request will be "parallel" with the ajax call
and therefore caught in the security check. Or at least something
roughly like this. I have not had a detailed look inside Cake's
security and session classes.

I have also noticed this happening when uploading files and doing 2-3
redirects after each other. Those are unfortunately hard to reproduce
at will.

/Martin






Before filter, the session falls

2008-11-03 Thread mcphisto

Well,
I've a big big problem with two applications of mine. I use an
authentication method made with a before filter.
The problem is that, after a login it works correctly. Then, without a
reason, the application seems to lose the session and brings me back
to the login form. For this reason, I really can't understand what
happens and when. Is there a way to produce a log for the application?
Or otherwise, how can I understand what happens? That's the code in
app_controller.php:

function checkSession()
{
    // If the session info hasn't been set...
    if (!$this->Session->check('Dealer'))
    {
        // Force the user to login
        $this->redirect('/dealers/login');
        exit();
    }
}


And this in dealer_controller.php

function login()
{
    // Don't show the error message if no data has been submitted.
    $this->set('error', false);

    // If a user has submitted form data:
    if (!empty($this->data))
    {
        // First, let's see if there are any users in the database
        // with the username supplied by the user using the form:
        $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);

        // At this point, $someone is full of user data, or it's empty.
        // Let's compare the form-submitted password with the one in
        // the database.
        if (!empty($someone['Dealer']['username']) &&
            $someone['Dealer']['password'] == $this->data['Dealer']['password'])
        {
            // Note: hopefully your password in the DB is hashed,
            // so your comparison might look more like:
            // md5($this->data['User']['password']) == ...

            // This means they were the same. We can now build some basic
            // session information to remember this user as 'logged-in'.
            $this->Session->write('Dealer', $someone['Dealer']);

            // Now that we have them stored in a session, forward them on
            // to a landing page for the application.
            $this->redirect('/customers/index_search');
        }
        // Else, they supplied incorrect data:
        else
        {
            // Remember the $error var in the view? Let's set that to true:
            $this->set('error', true);
        }
    }
}

function logout()
{
    // Redirect users to this action if they click on a Logout button.
    // All we need to do here is trash the session information:
    $this->Session->delete('Dealer');

    // And we should probably forward them somewhere, too...
    $this->redirect('/dealers/login');
}

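An added example (not code from the thread, nor from CakePHP itself) that ties Martin's explanation of the Security.level race to the original question of how to produce a log: the thread's checkSession() is kept, but each lost session is written to the debug log together with the URL, whether the request was an AJAX call, and the session id the browser sent next to the one PHP now holds. It assumes CakePHP 1.2, where Configure, Controller::log(), RequestHandler::isAjax(), SessionComponent::id() and the Session.cookie setting exist as used below, that 'high' regenerates the session id on every request, and that beforeFilter also runs for the login action.

```php
<?php
// app/config/core.php: the setting the thread converges on. Assumed here
// (as in CakePHP 1.2) is that 'high' regenerates the session id on every
// request, so a click that overlaps an in-flight AJAX poll can arrive with
// an id that was just replaced and look like a missing session. 'medium'
// keeps the id stable; the trade-off is that ids are no longer rotated
// per request, so the session timeout should stay short.
Configure::write('Security.level', 'medium');

// app/app_controller.php: the thread's checkSession() with logging added,
// so a lost session can be correlated with the URL, AJAX-ness and ids.
class AppController extends Controller {
    var $components = array('Session', 'RequestHandler');

    function beforeFilter() {
        $this->checkSession();
    }

    function checkSession() {
        if ($this->Session->check('Dealer')) {
            return;
        }
        // The id the browser sent (cookie named by Session.cookie) beside
        // the id PHP holds now. Across consecutive log lines this shows
        // whether a request presented an id an earlier request had
        // already replaced, which is the race Martin describes.
        $cookie = Configure::read('Session.cookie');
        $sent = isset($_COOKIE[$cookie]) ? $_COOKIE[$cookie] : '(none)';
        $this->log(sprintf(
            'session lost: url=%s ajax=%s sent_id=%s current_id=%s',
            $this->here,
            $this->RequestHandler->isAjax() ? 'yes' : 'no',
            $sent,
            $this->Session->id()
        ), LOG_DEBUG); // written to app/tmp/logs/debug.log

        // Assumed: beforeFilter also runs for the login action, which must
        // be skipped here or the redirect loops back onto itself.
        if ($this->action != 'login') {
            $this->redirect('/dealers/login');
        }
    }
}
```

Read debug.log after reproducing the symptom: a lost session whose sent_id matches the current_id of the immediately preceding request is the regeneration race, while one with sent_id '(none)' points at a cookie problem instead.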