Re: Session expiring when Flash file calls controller method in background

2008-02-22 Thread skoggins

Hi all,

I fixed this problem and wanted to share the solution.

After reading other posts I realized this issue is similar to the one
talked about in SWFobject.swf posts on this board.  After reading
those threads fixed this by adding some text to
app/config/bootstrap.php to use an existing session, and changing
session.php to work if the user agent is flash.  I also had to change
the security to low in core.php.

Added to the bottom of app/config/bootstrap.php

if (isset($_REQUEST[CAKE_SESSION_COOKIE]))
{
 session_name(CAKE_SESSION_COOKIE);
 session_id($_REQUEST[CAKE_SESSION_COOKIE]);
}

Replaced __checkValid function in cake/session.php with

   function __checkValid() {
   if ($this->read('Config')) {
   if (($this->_userAgent == $this->read("Config.userAgent")
OR $this->__isFlashAgent()) &&
$this->time <= $this->read("Config.time"))
{
   $this->write("Config.time", $this->sessionTime);
   $this->valid = true;
   } else {
   $this->valid = false;
   $this->__setError(1, "Session Highjacking
Attempted !!!");
   $this->destroy();
   }
   } else {
   srand ((double)microtime() * 100);
   $this->write("Config.userAgent", $this->_userAgent);
   $this->write("Config.time", $this->sessionTime);
   $this->write('Config.rand', rand());
   $this->valid = true;
   $this->__setError(1, "Session is valid");
   }
   }

   function __isFlashAgent() {
   $flashAgent = array('Shockwave Flash','Adobe Flash Player
9','Adobe Flash Player 8');
   foreach ($flashAgent as $agent) {
   if (md5($agent. CAKE_SESSION_STRING) == $this-
>_userAgent)
   return true;
   }
   }

And finally changed config/core.php

define('CAKE_SECURITY', 'low');

Thanks to everyone who helped, this was a real headache for me.  Hope
it helps someone in the future.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-09 Thread Novice Programmer
I guess that Flash 9 has got this problem fixed. you can check your module
with flash 9.

Thanks.

On Feb 9, 2008 6:34 AM, skoggins <[EMAIL PROTECTED]> wrote:

>
> Hmm... looking at core.php I see everything starts with define(...);
>
> Do I need a different syntax then just plopping
> Configure::write('Session.checkAgent', false); in there?
>
> On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> > On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > Hi guys,
> >
> > > Quick question.  Where is Configure::write('Session.checkAgent',
> > > false);  supposed to go?  In config/core.php or in the controller
> > > action?
> >
> > > Thanks.
> >
> > Well, if you want it application-wide than put it in config/core.php.
> >
> > --
> > Chris Hartjes
> > Internet Loudmouth
> > Motto for 2008: "Moving from herding elephants to handling snakes..."
> > @TheKeyBoard:http://www.littlehart.net/atthekeyboard
> >
>


-- 
Thanks & Regards,
Novice (http://ishuonweb.wordpress.com/).

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-08 Thread skoggins

Hmm... looking at core.php I see everything starts with define(...);

Do I need a different syntax then just plopping
Configure::write('Session.checkAgent', false); in there?

On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
>
>
> > Hi guys,
>
> > Quick question.  Where is Configure::write('Session.checkAgent',
> > false);  supposed to go?  In config/core.php or in the controller
> > action?
>
> > Thanks.
>
> Well, if you want it application-wide than put it in config/core.php.
>
> --
> Chris Hartjes
> Internet Loudmouth
> Motto for 2008: "Moving from herding elephants to handling snakes..."
> @TheKeyBoard:http://www.littlehart.net/atthekeyboard
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-08 Thread skoggins

When I put it in config/core.php it gives me:

Fatal error: Class 'Configure' not found

in both version 1.1.18.5850 and 1.1.19.6350.

When I put it in the controller it doesn't throw an error but doesn't
fix the problem either.  Configure::version(); works in the controller
so I'm assuming I have access to the class.

Any ideas why this is?  Thanks for the help, this is driving me
insane.

On Feb 8, 4:49 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
>
>
> > Hi guys,
>
> > Quick question.  Where is Configure::write('Session.checkAgent',
> > false);  supposed to go?  In config/core.php or in the controller
> > action?
>
> > Thanks.
>
> Well, if you want it application-wide than put it in config/core.php.
>
> --
> Chris Hartjes
> Internet Loudmouth
> Motto for 2008: "Moving from herding elephants to handling snakes..."
> @TheKeyBoard:http://www.littlehart.net/atthekeyboard
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-08 Thread Chris Hartjes

On Feb 8, 2008 7:31 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
> Hi guys,
>
> Quick question.  Where is Configure::write('Session.checkAgent',
> false);  supposed to go?  In config/core.php or in the controller
> action?
>
> Thanks.
>

Well, if you want it application-wide than put it in config/core.php.


-- 
Chris Hartjes
Internet Loudmouth
Motto for 2008: "Moving from herding elephants to handling snakes..."
@TheKeyBoard: http://www.littlehart.net/atthekeyboard

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-08 Thread skoggins

Hi guys,

Quick question.  Where is Configure::write('Session.checkAgent',
false);  supposed to go?  In config/core.php or in the controller
action?

Thanks.

On Feb 4, 3:48 pm, skoggins <[EMAIL PROTECTED]> wrote:
> Ok. Thanks!
>
> On Feb 4, 2:20 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
>
> > Yeah, that's definitely the problem... I ran across someone else
> > discussing it recently as well. When Flash does a POST it uses an
> > agent string of "Flash Player" or similar instead of the browser's
> > user-agent (no idea why).
>
> > Only way to work around it is to change Cake so that it doesn't
> > consider user-agent when checking sessions. So, you've got to upgrade
> > or find the part of the session source code that checks the agent and
> > comment that out (no idea, I'm using 1.2beta).
>
> > Troy.
>
> > On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
> > > I found out some more info about the problem.  It only logs me out
> > > when I do a "POST" from Flash.  "Get" works fine.  I haven't been able
> > > to upgrade to 1.1.19 yet so I can't try:
> > > Configure::write('Session.checkAgent', false);
>
> > > Troy,  my flash player is version 8,0,22,0 and I am running XP.
>
> > > Does this still sound like the same problem?  Is there a fix without
> > > having to upgrade?
>
> > > Thanks.
>
> > > On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
> > > > > Configure::write('Session.checkAgent', false);
>
> > > > Yes, that's most likely it. While the "agent" should be the same when
> > > > the Flash Player speaks to the web server (because it's using the web
> > > > browser's network stack), I've seen some configurations report it
> > > > slightly differently.
>
> > > > Curious, what OS/browser are you using the Flash Player on (and what
> > > > version of the Player)?
>
> > > > Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-04 Thread skoggins

Ok. Thanks!

On Feb 4, 2:20 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
> Yeah, that's definitely the problem... I ran across someone else
> discussing it recently as well. When Flash does a POST it uses an
> agent string of "Flash Player" or similar instead of the browser's
> user-agent (no idea why).
>
> Only way to work around it is to change Cake so that it doesn't
> consider user-agent when checking sessions. So, you've got to upgrade
> or find the part of the session source code that checks the agent and
> comment that out (no idea, I'm using 1.2beta).
>
> Troy.
>
> On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
>
>
> > I found out some more info about the problem.  It only logs me out
> > when I do a "POST" from Flash.  "Get" works fine.  I haven't been able
> > to upgrade to 1.1.19 yet so I can't try:
> > Configure::write('Session.checkAgent', false);
>
> > Troy,  my flash player is version 8,0,22,0 and I am running XP.
>
> > Does this still sound like the same problem?  Is there a fix without
> > having to upgrade?
>
> > Thanks.
>
> > On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
> > > > Configure::write('Session.checkAgent', false);
>
> > > Yes, that's most likely it. While the "agent" should be the same when
> > > the Flash Player speaks to the web server (because it's using the web
> > > browser's network stack), I've seen some configurations report it
> > > slightly differently.
>
> > > Curious, what OS/browser are you using the Flash Player on (and what
> > > version of the Player)?
>
> > > Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-04 Thread Troy Gilbert

Yeah, that's definitely the problem... I ran across someone else
discussing it recently as well. When Flash does a POST it uses an
agent string of "Flash Player" or similar instead of the browser's
user-agent (no idea why).

Only way to work around it is to change Cake so that it doesn't
consider user-agent when checking sessions. So, you've got to upgrade
or find the part of the session source code that checks the agent and
comment that out (no idea, I'm using 1.2beta).

Troy.


On Feb 4, 2008 3:53 PM, skoggins <[EMAIL PROTECTED]> wrote:
>
> I found out some more info about the problem.  It only logs me out
> when I do a "POST" from Flash.  "Get" works fine.  I haven't been able
> to upgrade to 1.1.19 yet so I can't try:
> Configure::write('Session.checkAgent', false);
>
> Troy,  my flash player is version 8,0,22,0 and I am running XP.
>
> Does this still sound like the same problem?  Is there a fix without
> having to upgrade?
>
> Thanks.
>
>
> On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
> > > Configure::write('Session.checkAgent', false);
> >
> > Yes, that's most likely it. While the "agent" should be the same when
> > the Flash Player speaks to the web server (because it's using the web
> > browser's network stack), I've seen some configurations report it
> > slightly differently.
> >
> > Curious, what OS/browser are you using the Flash Player on (and what
> > version of the Player)?
> >
> > Troy.
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-02-04 Thread skoggins

I found out some more info about the problem.  It only logs me out
when I do a "POST" from Flash.  "Get" works fine.  I haven't been able
to upgrade to 1.1.19 yet so I can't try:
Configure::write('Session.checkAgent', false);

Troy,  my flash player is version 8,0,22,0 and I am running XP.

Does this still sound like the same problem?  Is there a fix without
having to upgrade?

Thanks.


On Jan 30, 3:15 pm, "Troy Gilbert" <[EMAIL PROTECTED]> wrote:
> > Configure::write('Session.checkAgent', false);
>
> Yes, that's most likely it. While the "agent" should be the same when
> the Flash Player speaks to the web server (because it's using the web
> browser's network stack), I've seen some configurations report it
> slightly differently.
>
> Curious, what OS/browser are you using the Flash Player on (and what
> version of the Player)?
>
> Troy.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-01-31 Thread Troy Gilbert

> Configure::write('Session.checkAgent', false);

Yes, that's most likely it. While the "agent" should be the same when
the Flash Player speaks to the web server (because it's using the web
browser's network stack), I've seen some configurations report it
slightly differently.

Curious, what OS/browser are you using the Flash Player on (and what
version of the Player)?

Troy.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-01-30 Thread Adam Royle

Update to the latest version of 1.1 and it should work (r 6305).

On Jan 31, 1:54 pm, skoggins <[EMAIL PROTECTED]> wrote:
> Hi Adam,
>
> Thanks, I'm glad I'm not just crazy.  I put that line of code in
> config/core.php but it tells me "undefined class 'configure' ".  Is
> this supported in 1.1? because that is what I am using.
>
> Thanks!
>
> On Jan 30, 2:45 pm, Adam Royle <[EMAIL PROTECTED]> wrote:
>
> > Yes, I had the same issue. I traced the problem to the CakeSession
> > component and hacked the core to fix mine, however I think they have
> > fixed this in newer builds. I *think* this should work.
>
> > Configure::write('Session.checkAgent', false);
>
> > Adam
>
> > On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote:
>
> > > Hi all,
>
> > > I have a problem with a Flash file calling a function in my controller
> > > using send and load.  After the fcn is called and the database is
> > > updated the Session no longer exists for some reason.  Has anyone had
> > > a problem like this?
>
> > > Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-01-30 Thread skoggins

Hi Adam,

Thanks, I'm glad I'm not just crazy.  I put that line of code in
config/core.php but it tells me "undefined class 'configure' ".  Is
this supported in 1.1? because that is what I am using.

Thanks!

On Jan 30, 2:45 pm, Adam Royle <[EMAIL PROTECTED]> wrote:
> Yes, I had the same issue. I traced the problem to the CakeSession
> component and hacked the core to fix mine, however I think they have
> fixed this in newer builds. I *think* this should work.
>
> Configure::write('Session.checkAgent', false);
>
> Adam
>
> On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
>
> > I have a problem with a Flash file calling a function in my controller
> > using send and load.  After the fcn is called and the database is
> > updated the Session no longer exists for some reason.  Has anyone had
> > a problem like this?
>
> > Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: Session expiring when Flash file calls controller method in background

2008-01-30 Thread Adam Royle

Yes, I had the same issue. I traced the problem to the CakeSession
component and hacked the core to fix mine, however I think they have
fixed this in newer builds. I *think* this should work.

Configure::write('Session.checkAgent', false);

Adam

On Jan 31, 8:32 am, skoggins <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a problem with a Flash file calling a function in my controller
> using send and load.  After the fcn is called and the database is
> updated the Session no longer exists for some reason.  Has anyone had
> a problem like this?
>
> Thanks.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---