Re: Before filter, the session falls
Ok I tried to set CAKE security on a medium level, and now it works correctly. Thanks to all.

On 3 Nov, 15:55, mcphisto <[EMAIL PROTECTED]> wrote:
> Ok, maybe this is the problem. I experienced sessions falling when
> using live search or when opening blank pages. Now I changed the
> configuration in core php as in the article suggested by monmonja.
> Very good and clear article. Now I try and then I'll tell you.
>
> Thank you.
Re: Before filter, the session falls
Ok, maybe this is the problem. I experienced sessions falling when using live search or when opening blank pages. Now I changed the configuration in core php as in the article suggested by monmonja. Very good and clear article. Now I try and then I'll tell you.

Thank you.

On 3 Nov, 15:07, monmonja <[EMAIL PROTECTED]> wrote:
> You could probably look at this
> http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/
Re: Before filter, the session falls
You could probably look at this http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/

On Nov 3, 7:44 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> There have been scattered reports from people experiencing
> unpredictable loss of sessions.
> I have noticed this myself at times.
>
> What I understood about it was that the problem stems from the level
> of security set in Cake's config. When it is set "too high" you can
> accidentally be caught "hacking your own app" so to speak. The phrase
> "too high" is definitely poorly chosen and should not be taken to mean
> that most of us should lower our default security settings.
>
> An example of what can happen: You have a page doing periodical ajax
> calls. You click a link during the time Cake is processing one of
> these ajax calls. Your request will be "parallel" with the ajax call
> and therefore caught in the security check. Or at least something
> roughly like this. I have not had a detailed look inside Cake's
> security and session classes.
>
> I have also noticed this happening when uploading files and doing 2-3
> redirects after each other. Those are unfortunately hard to reproduce
> at will.
>
> /Martin

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Before filter, the session falls
There have been scattered reports from people experiencing unpredictable loss of sessions. I have noticed this myself at times.

What I understood about it was that the problem stems from the level of security set in Cake's config. When it is set "too high" you can accidentally be caught "hacking your own app" so to speak. The phrase "too high" is definitely poorly chosen and should not be taken to mean that most of us should lower our default security settings.

An example of what can happen: You have a page doing periodical ajax calls. You click a link during the time Cake is processing one of these ajax calls. Your request will be "parallel" with the ajax call and therefore caught in the security check. Or at least something roughly like this. I have not had a detailed look inside Cake's security and session classes.

I have also noticed this happening when uploading files and doing 2-3 redirects after each other. Those are unfortunately hard to reproduce at will.

/Martin

On Nov 3, 10:08 am, mcphisto <[EMAIL PROTECTED]> wrote:
> Well,
> I've a big big problem with two applications of mine. I use an
> authentication method made with before filter.
> The problem is that, after a login it works correctly. Then, without a
> reason, the application seems to lose the session and brings me back
> to the login form. For this reason, I really can't understand what
> happens and when. Is there a way to produce a log for the application?
> Or otherwise, how can I understand what happens?
Before filter, the session falls
Well,
I've a big big problem with two applications of mine. I use an authentication method made with before filter.
The problem is that, after a login it works correctly. Then, without a reason, the application seems to lose the session and brings me back to the login form. For this reason, I really can't understand what happens and when. Is there a way to produce a log for the application? Or otherwise, how can I understand what happens? That's the code in app_controller.php:

    function checkSession()
    {
        // If the session info hasn't been set...
        if (!$this->Session->check('Dealer'))
        {
            // Force the user to login
            $this->redirect('/dealers/login');
            exit();
        }
    }

And this in dealer_controller.php

    function login()
    {
        // Don't show the error message if no data has been submitted.
        $this->set('error', false);

        // If a user has submitted form data:
        if (!empty($this->data))
        {
            // First, let's see if there are any users in the database
            // with the username supplied by the user using the form:

            $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);

            // At this point, $someone is full of user data, or it's empty.
            // Let's compare the form-submitted password with the one in
            // the database.

            if (!empty($someone['Dealer']['username']) &&
                $someone['Dealer']['password'] == $this->data['Dealer']['password'])
            {
                // Note: hopefully your password in the DB is hashed,
                // so your comparison might look more like:
                // md5($this->data['User']['password']) == ...

                // This means they were the same. We can now build some basic
                // session information to remember this user as 'logged-in'.

                $this->Session->write('Dealer', $someone['Dealer']);

                // Now that we have them stored in a session, forward them on
                // to a landing page for the application.

                $this->redirect('/customers/index_search');
            }
            // Else, they supplied incorrect data:
            else
            {
                // Remember the $error var in the view? Let's set that to true:
                $this->set('error', true);
            }
        }
    }

    function logout()
    {
        // Redirect users to this action if they click on a Logout button.
        // All we need to do here is trash the session information:

        $this->Session->delete('Dealer');

        // And we should probably forward them somewhere, too...

        $this->redirect('/dealers/login');
    }
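
Added example, not part of the thread and not CakePHP's own code: a small PHP model of the race Martin describes, assuming the cause is the per-request session ID regeneration that CakePHP 1.2's core.php documents for Security.level 'high'. `SessionStore`, `parallelRequests` and the 5-second grace window are hypothetical names and values; with a new ID on every request and no grace window the click is rejected, while the other two policies keep both requests authenticated.

```php
<?php
// Simplified model of a server-side session store (constructed example).
// Not CakePHP's session code; SessionStore and its methods are hypothetical.
class SessionStore
{
    private $sessions = array();  // session id => session data
    private $retired = array();   // old id => array(replacement id, valid until)
    private $rotateEveryRequest;
    private $graceSeconds;

    public function __construct($rotateEveryRequest, $graceSeconds = 0)
    {
        $this->rotateEveryRequest = $rotateEveryRequest;
        $this->graceSeconds = $graceSeconds;
    }

    // Successful login: always issue a fresh id, so a pre-login id is never promoted.
    public function login($user)
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = array('Dealer' => $user);
        return $id;
    }

    // One request at time $now; returns array(authenticated?, id for the next cookie).
    public function request($id, $now)
    {
        // A request that was already in flight may still carry a just-retired id.
        if (isset($this->retired[$id]) && $now < $this->retired[$id][1]) {
            $id = $this->retired[$id][0];
        }
        if (!isset($this->sessions[$id])) {
            return array(false, null);  // unknown id: checkSession() would redirect to login
        }
        if ($this->rotateEveryRequest) {
            $new = bin2hex(random_bytes(16));
            $this->sessions[$new] = $this->sessions[$id];
            unset($this->sessions[$id]);
            $this->retired[$id] = array($new, $now + $this->graceSeconds);
            $id = $new;
        }
        return array(true, $id);
    }
}

// The browser sends an Ajax poll and a link click with the same cookie value.
function parallelRequests(SessionStore $store)
{
    $cookie = $store->login('dealer1');
    $ajax = $store->request($cookie, 100);   // processed first, may rotate the id
    $click = $store->request($cookie, 100);  // still carries the id from before
    return array('ajax' => $ajax[0], 'click' => $click[0]);
}

var_dump(parallelRequests(new SessionStore(true)));     // new id on every request
var_dump(parallelRequests(new SessionStore(true, 5)));  // same, old id honoured for 5 s
var_dump(parallelRequests(new SessionStore(false)));    // new id only at login
```

The grace window tolerates concurrent requests at the cost of a short period in which the retired ID is still accepted; issuing a new ID only at login and on privilege changes avoids the race without that window.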