Re: Session expiring when Flash file calls controller method in background
Hi all, I fixed this problem and wanted to share the solution. After reading other posts I realized this issue is similar to the one talked about in SWFobject.swf posts on this board. After reading those threads fixed this by adding some text to app/config/bootstrap.php to use an existing session, and changing session.php to work if the user agent is flash. I also had to change the security to low in core.php. Added to the bottom of app/config/bootstrap.php if (isset($_REQUEST[CAKE_SESSION_COOKIE])) { session_name(CAKE_SESSION_COOKIE); session_id($_REQUEST[CAKE_SESSION_COOKIE]); } Replaced __checkValid function in cake/session.php with function __checkValid() { if ($this->read('Config')) { if (($this->_userAgent == $this->read("Config.userAgent") OR $this->__isFlashAgent()) && $this->time <= $this->read("Config.time")) { $this->write("Config.time", $this->sessionTime); $this->valid = true; } else { $this->valid = false; $this->__setError(1, "Session Highjacking Attempted !!!"); $this->destroy(); } } else { srand ((double)microtime() * 100); $this->write("Config.userAgent", $this->_userAgent); $this->write("Config.time", $this->sessionTime); $this->write('Config.rand', rand()); $this->valid = true; $this->__setError(1, "Session is valid"); } } function __isFlashAgent() { $flashAgent = array('Shockwave Flash','Adobe Flash Player 9','Adobe Flash Player 8'); foreach ($flashAgent as $agent) { if (md5($agent. CAKE_SESSION_STRING) == $this- >_userAgent) return true; } } And finally changed config/core.php define('CAKE_SECURITY', 'low'); Thanks to everyone who helped, this was a real headache for me. Hope it helps someone in the future. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
I guess that Flash 9 has got this problem fixed. you can check your module with flash 9. Thanks. On Feb 9, 2008 6:34 AM, skoggins <[EMAIL PROTECTED]> wrote: > > Hmm... looking at core.php I see everything starts with define(...); > > Do I need a different syntax then just plopping > Configure::write('Session.checkAgent', false); in there? > > On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > > On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hi guys, > > > > > Quick question. Where is Configure::write('Session.checkAgent', > > > false); supposed to go? In config/core.php or in the controller > > > action? > > > > > Thanks. > > > > Well, if you want it application-wide than put it in config/core.php. > > > > -- > > Chris Hartjes > > Internet Loudmouth > > Motto for 2008: "Moving from herding elephants to handling snakes..." > > @TheKeyBoard:http://www.littlehart.net/atthekeyboard > > > -- Thanks & Regards, Novice (http://ishuonweb.wordpress.com/). --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hmm... looking at core.php I see everything starts with define(...); Do I need a different syntax then just plopping Configure::write('Session.checkAgent', false); in there? On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote: > > > > > Hi guys, > > > Quick question. Where is Configure::write('Session.checkAgent', > > false); supposed to go? In config/core.php or in the controller > > action? > > > Thanks. > > Well, if you want it application-wide than put it in config/core.php. > > -- > Chris Hartjes > Internet Loudmouth > Motto for 2008: "Moving from herding elephants to handling snakes..." > @TheKeyBoard:http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
When I put it in config/core.php it gives me: Fatal error: Class 'Configure' not found in both version 1.1.18.5850 and 1.1.19.6350. When I put it in the controller it doesn't throw an error but doesn't fix the problem either. Configure::version(); works in the controller so I'm assuming I have access to the class. Any ideas why this is? Thanks for the help, this is driving me insane. On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote: > > > > > Hi guys, > > > Quick question. Where is Configure::write('Session.checkAgent', > > false); supposed to go? In config/core.php or in the controller > > action? > > > Thanks. > > Well, if you want it application-wide than put it in config/core.php. > > -- > Chris Hartjes > Internet Loudmouth > Motto for 2008: "Moving from herding elephants to handling snakes..." > @TheKeyBoard:http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote: > > Hi guys, > > Quick question. Where is Configure::write('Session.checkAgent', > false); supposed to go? In config/core.php or in the controller > action? > > Thanks. > Well, if you want it application-wide than put it in config/core.php. -- Chris Hartjes Internet Loudmouth Motto for 2008: "Moving from herding elephants to handling snakes..." @TheKeyBoard: http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hi guys, Quick question. Where is Configure::write('Session.checkAgent', false); supposed to go? In config/core.php or in the controller action? Thanks. On Feb 4, 3:48 pm, skoggins <[EMAIL PROTECTED]> wrote: > Ok. Thanks! > > On Feb 4, 2:20 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > > > Yeah, that's definitely the problem... I ran across someone else > > discussing it recently as well. When Flash does a POST it uses an > > agent string of "Flash Player" or similar instead of the browser's > > user-agent (no idea why). > > > Only way to work around it is to change Cake so that it doesn't > > consider user-agent when checking sessions. So, you've got to upgrade > > or find the part of the session source code that checks the agent and > > comment that out (no idea, I'm using 1.2beta). > > > Troy. > > > On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote: > > > > I found out some more info about the problem. It only logs me out > > > when I do a "POST" from Flash. "Get" works fine. I haven't been able > > > to upgrade to 1.1.19 yet so I can't try: > > > Configure::write('Session.checkAgent', false); > > > > Troy, my flash player is version 8,0,22,0 and I am running XP. > > > > Does this still sound like the same problem? Is there a fix without > > > having to upgrade? > > > > Thanks. > > > > On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > > > > > Configure::write('Session.checkAgent', false); > > > > > Yes, that's most likely it. While the "agent" should be the same when > > > > the Flash Player speaks to the web server (because it's using the web > > > > browser's network stack), I've seen some configurations report it > > > > slightly differently. > > > > > Curious, what OS/browser are you using the Flash Player on (and what > > > > version of the Player)? > > > > > Troy. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Ok. Thanks! On Feb 4, 2:20 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > Yeah, that's definitely the problem... I ran across someone else > discussing it recently as well. When Flash does a POST it uses an > agent string of "Flash Player" or similar instead of the browser's > user-agent (no idea why). > > Only way to work around it is to change Cake so that it doesn't > consider user-agent when checking sessions. So, you've got to upgrade > or find the part of the session source code that checks the agent and > comment that out (no idea, I'm using 1.2beta). > > Troy. > > On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote: > > > > > I found out some more info about the problem. It only logs me out > > when I do a "POST" from Flash. "Get" works fine. I haven't been able > > to upgrade to 1.1.19 yet so I can't try: > > Configure::write('Session.checkAgent', false); > > > Troy, my flash player is version 8,0,22,0 and I am running XP. > > > Does this still sound like the same problem? Is there a fix without > > having to upgrade? > > > Thanks. > > > On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > > > > Configure::write('Session.checkAgent', false); > > > > Yes, that's most likely it. While the "agent" should be the same when > > > the Flash Player speaks to the web server (because it's using the web > > > browser's network stack), I've seen some configurations report it > > > slightly differently. > > > > Curious, what OS/browser are you using the Flash Player on (and what > > > version of the Player)? > > > > Troy. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Yeah, that's definitely the problem... I ran across someone else discussing it recently as well. When Flash does a POST it uses an agent string of "Flash Player" or similar instead of the browser's user-agent (no idea why). Only way to work around it is to change Cake so that it doesn't consider user-agent when checking sessions. So, you've got to upgrade or find the part of the session source code that checks the agent and comment that out (no idea, I'm using 1.2beta). Troy. On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote: > > I found out some more info about the problem. It only logs me out > when I do a "POST" from Flash. "Get" works fine. I haven't been able > to upgrade to 1.1.19 yet so I can't try: > Configure::write('Session.checkAgent', false); > > Troy, my flash player is version 8,0,22,0 and I am running XP. > > Does this still sound like the same problem? Is there a fix without > having to upgrade? > > Thanks. > > > On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > > > Configure::write('Session.checkAgent', false); > > > > Yes, that's most likely it. While the "agent" should be the same when > > the Flash Player speaks to the web server (because it's using the web > > browser's network stack), I've seen some configurations report it > > slightly differently. > > > > Curious, what OS/browser are you using the Flash Player on (and what > > version of the Player)? > > > > Troy. > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
I found out some more info about the problem. It only logs me out when I do a "POST" from Flash. "Get" works fine. I haven't been able to upgrade to 1.1.19 yet so I can't try: Configure::write('Session.checkAgent', false); Troy, my flash player is version 8,0,22,0 and I am running XP. Does this still sound like the same problem? Is there a fix without having to upgrade? Thanks. On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote: > > Configure::write('Session.checkAgent', false); > > Yes, that's most likely it. While the "agent" should be the same when > the Flash Player speaks to the web server (because it's using the web > browser's network stack), I've seen some configurations report it > slightly differently. > > Curious, what OS/browser are you using the Flash Player on (and what > version of the Player)? > > Troy. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
> Configure::write('Session.checkAgent', false); Yes, that's most likely it. While the "agent" should be the same when the Flash Player speaks to the web server (because it's using the web browser's network stack), I've seen some configurations report it slightly differently. Curious, what OS/browser are you using the Flash Player on (and what version of the Player)? Troy. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Update to the latest version of 1.1 and it should work (r 6305). On Jan 31, 1:54 pm, skoggins <[EMAIL PROTECTED]> wrote: > Hi Adam, > > Thanks, I'm glad I'm not just crazy. I put that line of code in > config/core.php but it tells me "undefined class 'configure' ". Is > this supported in 1.1? because that is what I am using. > > Thanks! > > On Jan 30, 2:45 pm, Adam Royle <[EMAIL PROTECTED]> wrote: > > > Yes, I had the same issue. I traced the problem to the CakeSession > > component and hacked the core to fix mine, however I think they have > > fixed this in newer builds. I *think* this should work. > > > Configure::write('Session.checkAgent', false); > > > Adam > > > On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote: > > > > Hi all, > > > > I have a problem with a Flash file calling a function in my controller > > > using send and load. After the fcn is called and the database is > > > updated the Session no longer exists for some reason. Has anyone had > > > a problem like this? > > > > Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Hi Adam, Thanks, I'm glad I'm not just crazy. I put that line of code in config/core.php but it tells me "undefined class 'configure' ". Is this supported in 1.1? because that is what I am using. Thanks! On Jan 30, 2:45 pm, Adam Royle <[EMAIL PROTECTED]> wrote: > Yes, I had the same issue. I traced the problem to the CakeSession > component and hacked the core to fix mine, however I think they have > fixed this in newer builds. I *think* this should work. > > Configure::write('Session.checkAgent', false); > > Adam > > On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote: > > > Hi all, > > > I have a problem with a Flash file calling a function in my controller > > using send and load. After the fcn is called and the database is > > updated the Session no longer exists for some reason. Has anyone had > > a problem like this? > > > Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Session expiring when Flash file calls controller method in background
Yes, I had the same issue. I traced the problem to the CakeSession component and hacked the core to fix mine, however I think they have fixed this in newer builds. I *think* this should work. Configure::write('Session.checkAgent', false); Adam On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote: > Hi all, > > I have a problem with a Flash file calling a function in my controller > using send and load. After the fcn is called and the database is > updated the Session no longer exists for some reason. Has anyone had > a problem like this? > > Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---