Re: Session Sudden Expire during Ajax call
I think you are right! I have checked out the session folder and duplicated the error again. This is what I found: First Ajax Call(Dummy Data): Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535939; s:4:rand; i:3406; } userData|a:2:{ s:7:Account;a:6:{ s:10:account_id; s:1:2; s:8:username; s:5:admin; s:8:password; s:8:password; s:4:role; s:5:admin; s:10:pwd_expire; s:1:0; s:6:active; s:1:1; } s:10:Department;a:0:{}} Second Ajax Call: Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535940; s:4:rand; i:25783; } My entire user information is gone at the second request. The second request also generated another file (Or like you said, it was moving when the second ajax came in). So in order to solve this problem, I should set my security lower or implement some form of queue system right? On Dec 13, 3:55 pm, zonium [EMAIL PROTECTED] wrote: I am guessing there might be some other causes: - The user agent changed between calls (less likely in your case, though) - When first ajax call came, cake regenerated session_id (if security level set to high) The second ajax request might have taken place when session info had been moved to a new 'location' identified by the new session id (the second ajax call still attempted to use the old session id). To verify this, look into the /tmp folder (or the folder you use for session save path) to see how the session files get changed upon EACH request from browser. On Dec 12, 6:28 pm, ProFire [EMAIL PROTECTED] wrote: Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire?- Hide quoted text - - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Hint: You can disable UA check for session. Configure::write('Session.checkAgent', false) or put this in config.php somehow... On Dec 13, 9:44 am, ProFire [EMAIL PROTECTED] wrote: I think you are right! I have checked out the session folder and duplicated the error again. This is what I found: First Ajax Call(Dummy Data): Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535939; s:4:rand; i:3406;} userData|a:2:{ s:7:Account;a:6:{ s:10:account_id; s:1:2; s:8:username; s:5:admin; s:8:password; s:8:password; s:4:role; s:5:admin; s:10:pwd_expire; s:1:0; s:6:active; s:1:1;} s:10:Department;a:0:{}} Second Ajax Call: Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535940; s:4:rand; i:25783; } My entire user information is gone at the second request. The second request also generated another file (Or like you said, it was moving when the second ajax came in). So in order to solve this problem, I should set my security lower or implement some form of queue system right? On Dec 13, 3:55 pm, zonium [EMAIL PROTECTED] wrote: I am guessing there might be some other causes: - The user agent changed between calls (less likely in your case, though) - When first ajax call came, cake regenerated session_id (if security level set to high) The second ajax request might have taken place when session info had been moved to a new 'location' identified by the new session id (the second ajax call still attempted to use the old session id). To verify this, look into the /tmp folder (or the folder you use for session save path) to see how the session files get changed upon EACH request from browser. On Dec 12, 6:28 pm, ProFire [EMAIL PROTECTED] wrote: Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire?- Hide quoted text - - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Hi ProFire, Just popped in. You're spot on there with reducing the security level on your sessions. I have the exact same problem happening with me, even posted a ticket with the cake guys, as I thought it was a bug, yet it was just what was intended to happen when the security is set to high. G --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
What I've figured with ver. 1.2 pre-beta is that if the session is set to HIGH (I use db-session mode) then for each and every request I can observe in the SQL-dump that my session is deleted and a new one is created. I consider that a bug but since I do not have any restrictions on the session expiration period I set the level to MEDIUM and it works OK, now SQL-dump shows what I expect it to. That's what you should do, probably. Another thing that is obvious to check with ajax calls is that your cookie that identifies the session comes along with the request. Later. On Dec 13, 11:44 am, ProFire [EMAIL PROTECTED] wrote: I think you are right! I have checked out the session folder and duplicated the error again. This is what I found: First Ajax Call(Dummy Data): Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535939; s:4:rand; i:3406;} userData|a:2:{ s:7:Account;a:6:{ s:10:account_id; s:1:2; s:8:username; s:5:admin; s:8:password; s:8:password; s:4:role; s:5:admin; s:10:pwd_expire; s:1:0; s:6:active; s:1:1;} s:10:Department;a:0:{}} Second Ajax Call: Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535940; s:4:rand; i:25783; } My entire user information is gone at the second request. The second request also generated another file (Or like you said, it was moving when the second ajax came in). So in order to solve this problem, I should set my security lower or implement some form of queue system right? On Dec 13, 3:55 pm, zonium [EMAIL PROTECTED] wrote: I am guessing there might be some other causes: - The user agent changed between calls (less likely in your case, though) - When first ajax call came, cake regenerated session_id (if security level set to high) The second ajax request might have taken place when session info had been moved to a new 'location' identified by the new session id (the second ajax call still attempted to use the old session id). To verify this, look into the /tmp folder (or the folder you use for session save path) to see how the session files get changed upon EACH request from browser. On Dec 12, 6:28 pm, ProFire [EMAIL PROTECTED] wrote: Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire?- Hide quoted text - - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Alright, the problem is solved! For those who encounter the similar problem and reading this to get the problem solved, here's what I did. My initial settings was that my cake session security is set to HIGH. What appears to me is that everytime the user browse around, a new Session ID is generated. The old Session ID is removed. During the first Ajax call, a new Session ID is generated. However, the second simultaneous Ajax call was carry the old ID. My system was assigned with the new ID but my second Ajax call was carry the old one. Therefore, PHP assumes that I have logged out of the system and generates an entire new Session ID for me. That's how I got logged out. (I'm not sure if this is how the entire Session Process is, but as far as I know, as of date, this is how it appears to me) Solution? Set the Cake Session Security to Medium. This is what I did. Afterwards, no new Session ID was generated everytime I fool around with Ajax. Did up to even 20 Ajax calls simultaneously and successfully. Just that my browser started to slow down a little. Yay! I'm not sure if the Queue System works but anybody wants to give it a try? Let me know! By theory, I believe it should work. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Solution? Set the Cake Session Security to Medium. This is what I did. Yeap, that set to Medium would solve the problem. I'm not sure if this is how the entire Session Process is It's how it is designed to work. When security is set to high, session id changes each time cake is reached. This is to void session hijacking. However, your simultaneous ajax calls should not have been 'interpreted' by cake as some kind of hijacking. So IMO it'd better if cake allows to specify a passage of time (a window) within it cake will not regenerate session id. The way cake handle 'high' security seems ... too restrict. In fact, to avoid the unwanted side effects associated with 'high', 'medium' is usually used as a 'solution'. So the value of 'high' is kind of diminished / less practical and your case is a very good example. Zonium On Dec 13, 1:13 am, ProFire [EMAIL PROTECTED] wrote: Alright, the problem is solved! For those who encounter the similar problem and reading this to get the problem solved, here's what I did. My initial settings was that my cake session security is set to HIGH. What appears to me is that everytime the user browse around, a new Session ID is generated. The old Session ID is removed. During the first Ajax call, a new Session ID is generated. However, the second simultaneous Ajax call was carry the old ID. My system was assigned with the new ID but my second Ajax call was carry the old one. Therefore, PHP assumes that I have logged out of the system and generates an entire new Session ID for me. That's how I got logged out. (I'm not sure if this is how the entire Session Process is, but as far as I know, as of date, this is how it appears to me) Solution? Set the Cake Session Security to Medium. This is what I did. Afterwards, no new Session ID was generated everytime I fool around with Ajax. Did up to even 20 Ajax calls simultaneously and successfully. Just that my browser started to slow down a little. Yay! I'm not sure if the Queue System works but anybody wants to give it a try? Let me know! By theory, I believe it should work. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Solution? Set the Cake Session Security to Medium. This is what I did. Yeap, setting to Medium would solve the problem. I'm not sure if this is how the entire Session Process is It's how it is designed to work. When security is set to high, session id changes each time cake is reached. This is to void session hijacking. However, your simultaneous ajax calls should not have been 'interpreted' by cake as some kind of hijacking. So IMO it'd better if cake allows to specify a passage of time (a window) within it cake will not regenerate session id. The way cake handles 'high' security seems ... too restrict. In fact, to avoid unwanted side effects associated with 'high', 'medium' is usually used as a *solution*. So the value of 'high' some how diminishes / is less practical; and your case is a good example. Zonium On Dec 13, 1:13 am, Krovosos [EMAIL PROTECTED] wrote: What I've figured with ver. 1.2 pre-beta is that if the session is set to HIGH (I use db-session mode) then for each and every request I can observe in the SQL-dump that my session is deleted and a new one is created. I consider that a bug but since I do not have any restrictions on the session expiration period I set the level to MEDIUM and it works OK, now SQL-dump shows what I expect it to. That's what you should do, probably. Another thing that is obvious to check with ajax calls is that your cookie that identifies the session comes along with the request. Later. On Dec 13, 11:44 am, ProFire [EMAIL PROTECTED] wrote: I think you are right! I have checked out the session folder and duplicated the error again. This is what I found: First Ajax Call(Dummy Data): Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535939; s:4:rand; i:3406;} userData|a:2:{ s:7:Account;a:6:{ s:10:account_id; s:1:2; s:8:username; s:5:admin; s:8:password; s:8:password; s:4:role; s:5:admin; s:10:pwd_expire; s:1:0; s:6:active; s:1:1;} s:10:Department;a:0:{}} Second Ajax Call: Config|a:3:{ s:9:userAgent; s:32:7a98565405c4c8c1b17961f9f9edd2fd; s:4:time; i:1197535940; s:4:rand; i:25783; } My entire user information is gone at the second request. The second request also generated another file (Or like you said, it was moving when the second ajax came in). So in order to solve this problem, I should set my security lower or implement some form of queue system right? On Dec 13, 3:55 pm, zonium [EMAIL PROTECTED] wrote: I am guessing there might be some other causes: - The user agent changed between calls (less likely in your case, though) - When first ajax call came, cake regenerated session_id (if security level set to high) The second ajax request might have taken place when session info had been moved to a new 'location' identified by the new session id (the second ajax call still attempted to use the old session id). To verify this, look into the /tmp folder (or the folder you use for session save path) to see how the session files get changed upon EACH request from browser. On Dec 12, 6:28 pm, ProFire [EMAIL PROTECTED] wrote: Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire?- Hide quoted text - - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Solution? Set the Cake Session Security to Medium. This is what I did. Yeap, setting to Medium would solve the problem. I'm not sure if this is how the entire Session Process is It's how it is designed to work. When security is set to high, session id changes each time cake is reached. This is to void session hijacking. However, your simultaneous ajax calls should not have been 'interpreted' by cake as some kind of hijacking. So IMO it'd better if cake allows to specify a passage of time (a window) within it cake will not regenerate session id. The way cake handles 'high' security seems ... too strict. In fact, to avoid unwanted side effects associated with 'high', 'medium' is usually used as a *solution*. So the value of 'high' some how diminishes / is less practical; and your case is a good example. Zonium On Dec 13, 1:13 am, ProFire [EMAIL PROTECTED] wrote: Alright, the problem is solved! For those who encounter the similar problem and reading this to get the problem solved, here's what I did. My initial settings was that my cake session security is set to HIGH. What appears to me is that everytime the user browse around, a new Session ID is generated. The old Session ID is removed. During the first Ajax call, a new Session ID is generated. However, the second simultaneous Ajax call was carry the old ID. My system was assigned with the new ID but my second Ajax call was carry the old one. Therefore, PHP assumes that I have logged out of the system and generates an entire new Session ID for me. That's how I got logged out. (I'm not sure if this is how the entire Session Process is, but as far as I know, as of date, this is how it appears to me) Solution? Set the Cake Session Security to Medium. This is what I did. Afterwards, no new Session ID was generated everytime I fool around with Ajax. Did up to even 20 Ajax calls simultaneously and successfully. Just that my browser started to slow down a little. Yay! I'm not sure if the Queue System works but anybody wants to give it a try? Let me know! By theory, I believe it should work. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session Sudden Expire during Ajax call
I am guessing there might be some other causes: - The user agent changed between calls (less likely in your case, though) - When first ajax call came, cake regenerated session_id (if security level set to high) The second ajax request might have taken place when session info had been moved to a new 'location' identified by the new session id (the second ajax call still attempted to use the old session id). To verify this, look into the /tmp folder (or the folder you use for session save path) to see how the session files get changed upon EACH request from browser. On Dec 12, 6:28 pm, ProFire [EMAIL PROTECTED] wrote: Ok! Maybe I should rephrase my questions. What are the causes for an Expired session? I know the standard ones are the Time Limit and the code (session_destroy()). Are there any other causes for it? Is there a code in CakePHP that causes session to expire? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---