Re: CakePHP 1.2, Auth-component and reverse proxies
2007/9/26, Martin Schapendonk [EMAIL PROTECTED]: Anyone knows what could be happening here? Let's answer my own email (at least partially). It is related to the CAKE_SECURITY setting. Changing this setting from high to medium 'solved' the problem. The documentation states: CakePHP session IDs are also regenerated between requests if CAKE_SECURITY is set to 'high'.. So... regenerating session IDs in combination with a reverse proxy doesn't seem to work. Does lowering the CAKE_SECURITY setting have any other consequences for security? Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: CakePHP 1.2, Auth-component and reverse proxies
2007/9/27, Martin Schapendonk [EMAIL PROTECTED]: It is related to the CAKE_SECURITY setting. Changing this setting from high to medium 'solved' the problem. In the group archive I read CAKE_SECURITY set to high also checks the referer, which would explain why it doesn't work with a reverse proxy (since cake doesn't know of any reverse proxy in front of it). Can anybody confirm this? The message was rather old (1+ years). Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---