Re: image link dorks up my session
On Dec 20, 2007 4:50 PM, hmpierson <[EMAIL PROTECTED]> wrote: > > You should have quit while you were behind with your wise mouth. > Very helpful. Thanks! -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
On the contrary, cake WAS broken, not Regan's code. Otherwise, the issue wouldn't have been considered a "bug," and it wouldn't have been "fixed" in a later release. You should have quit while you were behind with your wise mouth. >In the end, it *was* your code that was broken: you can't > manipulate the session like that when you have the Security level set > so high. :) > > Out of habit I always turn down the security level stuff so I never > really run into this. Silly me. In the future, I will be quick to > point out to people to turn down the security level in their > configuration file if similar session problems occur. See, wasn't > that easy? > > Now, if you want r5982 then you need to start using the version from > SVN instead of downloading from the web site. I believe you can find > the link on trac.cakephp.org. > > -- > Chris Hartjes > > My motto for 2007: "Just build it, damnit!" > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
I'm guessing for the static media its not actually making a request as the browser probably cached it. If you were to clear your cache you would see the same problem with your static media. At least you should see the problem for the first request, but then the problem would magically fix itself. On Dec 19, 3:17 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > Thanks a lot, I read the ticket, and this probably explains what I am > seeing: > > In latest 1.2.x trunk r5933, when the Security.level is set to "high" > then the session id is regenerated for every request. However, > browsers (both FF2 and IE7) only update their session cookie for page > loads - not for media loads (ie CSS / JS / IMG). > > I still don't understand why it works for static image links but oh > well. Supposedly this was fixed in the r5982 but the latest version I > can find on the cakephp website is 1.2.0.5875 anyone know where I can > get the new version? > > Thanks, > Dave > > On Dec 19, 12:57 pm, djiize <[EMAIL PROTECTED]> wrote: > > > some days > > ago:http://groups.google.com/group/cake-php/browse_thread/thread/6a48d846... > > > (look at Grant Cox's message) > > > On 19 déc, 20:23, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > > wrote: > > > > "What was the answer you were looking for?" > > > I am looking for something helpful and you've responded both times > > > with a whole bunch of nothing, you've spent a lot of time writing when > > > you should have said to yourself "I don't really know anything that > > > can help so I'll leave this post to someone that does." > > > > I'll state again that I realize that it is the code and I'm looking > > > for something constructive that can help me narrow down what the > > > problem with. > > > > The img and href tags are properly formed and work fine when they > > > point to a static url, however, whenever I include > > > data passed from the controller in them, it will cause the > > > $this->Session->check('User') to fail in the controller. The page renders > > > > correctly, the tags are formed correctly and work, they just cause the > > > session check to fail. > > > > Also, I can include any variables that are defined in the view withing > > > the tags without any problems, just when I use data from the > > > controller in an href tag or src tag do I have this problem. > > > > The data from the controller works fine everywhere else and will not > > > cause the session check to fail. If anyone has any concise ideas about > > > what I can do to help fix this problem PLEASE help. I am not looking > > > for "the code's broke" I already know this and that's why I came here > > > in the first place. > > > > On Dec 19, 11:22 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > > > > > On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > > href tag in the view. I appreciate the reply, but saying "it's the > > > > > code" is not very productive, of course something is wrong with the > > > > > code, I'm just trying to see if anyone has any ideas about what it > > > > > could be (ie if anyone has seen this before, how did they fix it). > > > > > Why is it when someone is told that the non-core code they are using > > > > or have written isn't working properly, they get all defensive and > > > > complain that being told that fact is 'not very productive'? I know > > > > this will come as a shock to many people, but I have written both good > > > > code and shitty code. Most of the time when a problem with a CakePHP > > > > app occurs, it's because of the shitty non-core code that someone has > > > > written. > > > > > What was the answer you were looking for? "Yes, it must be CakePHP's > > > > fault that some part of the non-core code is messing with the contents > > > > of a session". > > > > > I will restate what I said before: there is nothing about adding > > > > properly-formed href tags or properly formed img-src tags to a page > > > > that will cause sessions to not work properly. Therefore, it must be > > > > a problem in the code. I will gladly change my mind when presented > > > > with evidence to the contrary. > > > > > Just because you don't like the answer doesn't mean that it isn't > > > > helpful or isn't valid. > > > > > -- > > > > Chris Hartjes > > > > > My motto for 2007: "Just build it, damnit!" > > > > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
On Dec 19, 2007 2:23 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > "What was the answer you were looking for?" > I am looking for something helpful and you've responded both times > with a whole bunch of nothing, you've spent a lot of time writing when > you should have said to yourself "I don't really know anything that > can help so I'll leave this post to someone that does." Now, now, don't go around saying what I said was a 'whole bunch of nothing'. That would be throwing away the advice of someone who have lots of experience dealing with shitty code, usually of my own creation. In the end, it *was* your code that was broken: you can't manipulate the session like that when you have the Security level set so high. :) Out of habit I always turn down the security level stuff so I never really run into this. Silly me. In the future, I will be quick to point out to people to turn down the security level in their configuration file if similar session problems occur. See, wasn't that easy? Now, if you want r5982 then you need to start using the version from SVN instead of downloading from the web site. I believe you can find the link on trac.cakephp.org. -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
Thanks a lot, I read the ticket, and this probably explains what I am seeing: In latest 1.2.x trunk r5933, when the Security.level is set to "high" then the session id is regenerated for every request. However, browsers (both FF2 and IE7) only update their session cookie for page loads - not for media loads (ie CSS / JS / IMG). I still don't understand why it works for static image links but oh well. Supposedly this was fixed in the r5982 but the latest version I can find on the cakephp website is 1.2.0.5875 anyone know where I can get the new version? Thanks, Dave On Dec 19, 12:57 pm, djiize <[EMAIL PROTECTED]> wrote: > some days > ago:http://groups.google.com/group/cake-php/browse_thread/thread/6a48d846... > > (look at Grant Cox's message) > > On 19 déc, 20:23, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > wrote: > > > "What was the answer you were looking for?" > > I am looking for something helpful and you've responded both times > > with a whole bunch of nothing, you've spent a lot of time writing when > > you should have said to yourself "I don't really know anything that > > can help so I'll leave this post to someone that does." > > > I'll state again that I realize that it is the code and I'm looking > > for something constructive that can help me narrow down what the > > problem with. > > > The img and href tags are properly formed and work fine when they > > point to a static url, however, whenever I include > > data passed from the controller in them, it will cause the > > $this->Session->check('User') to fail in the controller. The page renders > > > correctly, the tags are formed correctly and work, they just cause the > > session check to fail. > > > Also, I can include any variables that are defined in the view withing > > the tags without any problems, just when I use data from the > > controller in an href tag or src tag do I have this problem. > > > The data from the controller works fine everywhere else and will not > > cause the session check to fail. If anyone has any concise ideas about > > what I can do to help fix this problem PLEASE help. I am not looking > > for "the code's broke" I already know this and that's why I came here > > in the first place. > > > On Dec 19, 11:22 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > > > > On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > href tag in the view. I appreciate the reply, but saying "it's the > > > > code" is not very productive, of course something is wrong with the > > > > code, I'm just trying to see if anyone has any ideas about what it > > > > could be (ie if anyone has seen this before, how did they fix it). > > > > Why is it when someone is told that the non-core code they are using > > > or have written isn't working properly, they get all defensive and > > > complain that being told that fact is 'not very productive'? I know > > > this will come as a shock to many people, but I have written both good > > > code and shitty code. Most of the time when a problem with a CakePHP > > > app occurs, it's because of the shitty non-core code that someone has > > > written. > > > > What was the answer you were looking for? "Yes, it must be CakePHP's > > > fault that some part of the non-core code is messing with the contents > > > of a session". > > > > I will restate what I said before: there is nothing about adding > > > properly-formed href tags or properly formed img-src tags to a page > > > that will cause sessions to not work properly. Therefore, it must be > > > a problem in the code. I will gladly change my mind when presented > > > with evidence to the contrary. > > > > Just because you don't like the answer doesn't mean that it isn't > > > helpful or isn't valid. > > > > -- > > > Chris Hartjes > > > > My motto for 2007: "Just build it, damnit!" > > > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
some days ago: http://groups.google.com/group/cake-php/browse_thread/thread/6a48d8467e5b505b/89a0434b7447829e?lnk=gst&q=session#89a0434b7447829e (look at Grant Cox's message) On 19 déc, 20:23, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > "What was the answer you were looking for?" > I am looking for something helpful and you've responded both times > with a whole bunch of nothing, you've spent a lot of time writing when > you should have said to yourself "I don't really know anything that > can help so I'll leave this post to someone that does." > > I'll state again that I realize that it is the code and I'm looking > for something constructive that can help me narrow down what the > problem with. > > The img and href tags are properly formed and work fine when they > point to a static url, however, whenever I include > data passed from the controller in them, it will cause the > $this->Session->check('User') to fail in the controller. The page renders > > correctly, the tags are formed correctly and work, they just cause the > session check to fail. > > Also, I can include any variables that are defined in the view withing > the tags without any problems, just when I use data from the > controller in an href tag or src tag do I have this problem. > > The data from the controller works fine everywhere else and will not > cause the session check to fail. If anyone has any concise ideas about > what I can do to help fix this problem PLEASE help. I am not looking > for "the code's broke" I already know this and that's why I came here > in the first place. > > On Dec 19, 11:22 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > > > On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > href tag in the view. I appreciate the reply, but saying "it's the > > > code" is not very productive, of course something is wrong with the > > > code, I'm just trying to see if anyone has any ideas about what it > > > could be (ie if anyone has seen this before, how did they fix it). > > > Why is it when someone is told that the non-core code they are using > > or have written isn't working properly, they get all defensive and > > complain that being told that fact is 'not very productive'? I know > > this will come as a shock to many people, but I have written both good > > code and shitty code. Most of the time when a problem with a CakePHP > > app occurs, it's because of the shitty non-core code that someone has > > written. > > > What was the answer you were looking for? "Yes, it must be CakePHP's > > fault that some part of the non-core code is messing with the contents > > of a session". > > > I will restate what I said before: there is nothing about adding > > properly-formed href tags or properly formed img-src tags to a page > > that will cause sessions to not work properly. Therefore, it must be > > a problem in the code. I will gladly change my mind when presented > > with evidence to the contrary. > > > Just because you don't like the answer doesn't mean that it isn't > > helpful or isn't valid. > > > -- > > Chris Hartjes > > > My motto for 2007: "Just build it, damnit!" > > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
okay, after fiddling around a came up with a bandaid fix for this in case anyone else comes across this problem. If I change my security level to medium or low in /app/config/core.php then the problem goes away. In the comments, it says that CakePHP regenerates its session ID's between requests if security level is set to High. I'm guessing that this is part of the problem. Something about calling controller data in a standard html link is causing the session id to regenerate. I can't really see why it would do that though. On Dec 19, 12:23 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > "What was the answer you were looking for?" > I am looking for something helpful and you've responded both times > with a whole bunch of nothing, you've spent a lot of time writing when > you should have said to yourself "I don't really know anything that > can help so I'll leave this post to someone that does." > > I'll state again that I realize that it is the code and I'm looking > for something constructive that can help me narrow down what the > problem with. > > The img and href tags are properly formed and work fine when they > point to a static url, however, whenever I include > data passed from the controller in them, it will cause the > $this->Session->check('User') to fail in the controller. The page renders > > correctly, the tags are formed correctly and work, they just cause the > session check to fail. > > Also, I can include any variables that are defined in the view withing > the tags without any problems, just when I use data from the > controller in an href tag or src tag do I have this problem. > > The data from the controller works fine everywhere else and will not > cause the session check to fail. If anyone has any concise ideas about > what I can do to help fix this problem PLEASE help. I am not looking > for "the code's broke" I already know this and that's why I came here > in the first place. > > On Dec 19, 11:22 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > > > On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > href tag in the view. I appreciate the reply, but saying "it's the > > > code" is not very productive, of course something is wrong with the > > > code, I'm just trying to see if anyone has any ideas about what it > > > could be (ie if anyone has seen this before, how did they fix it). > > > Why is it when someone is told that the non-core code they are using > > or have written isn't working properly, they get all defensive and > > complain that being told that fact is 'not very productive'? I know > > this will come as a shock to many people, but I have written both good > > code and shitty code. Most of the time when a problem with a CakePHP > > app occurs, it's because of the shitty non-core code that someone has > > written. > > > What was the answer you were looking for? "Yes, it must be CakePHP's > > fault that some part of the non-core code is messing with the contents > > of a session". > > > I will restate what I said before: there is nothing about adding > > properly-formed href tags or properly formed img-src tags to a page > > that will cause sessions to not work properly. Therefore, it must be > > a problem in the code. I will gladly change my mind when presented > > with evidence to the contrary. > > > Just because you don't like the answer doesn't mean that it isn't > > helpful or isn't valid. > > > -- > > Chris Hartjes > > > My motto for 2007: "Just build it, damnit!" > > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
"What was the answer you were looking for?" I am looking for something helpful and you've responded both times with a whole bunch of nothing, you've spent a lot of time writing when you should have said to yourself "I don't really know anything that can help so I'll leave this post to someone that does." I'll state again that I realize that it is the code and I'm looking for something constructive that can help me narrow down what the problem with. The img and href tags are properly formed and work fine when they point to a static url, however, whenever I include data passed from the controller in them, it will cause the $this- >Session->check('User') to fail in the controller. The page renders correctly, the tags are formed correctly and work, they just cause the session check to fail. Also, I can include any variables that are defined in the view withing the tags without any problems, just when I use data from the controller in an href tag or src tag do I have this problem. The data from the controller works fine everywhere else and will not cause the session check to fail. If anyone has any concise ideas about what I can do to help fix this problem PLEASE help. I am not looking for "the code's broke" I already know this and that's why I came here in the first place. On Dec 19, 11:22 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > href tag in the view. I appreciate the reply, but saying "it's the > > code" is not very productive, of course something is wrong with the > > code, I'm just trying to see if anyone has any ideas about what it > > could be (ie if anyone has seen this before, how did they fix it). > > Why is it when someone is told that the non-core code they are using > or have written isn't working properly, they get all defensive and > complain that being told that fact is 'not very productive'? I know > this will come as a shock to many people, but I have written both good > code and shitty code. Most of the time when a problem with a CakePHP > app occurs, it's because of the shitty non-core code that someone has > written. > > What was the answer you were looking for? "Yes, it must be CakePHP's > fault that some part of the non-core code is messing with the contents > of a session". > > I will restate what I said before: there is nothing about adding > properly-formed href tags or properly formed img-src tags to a page > that will cause sessions to not work properly. Therefore, it must be > a problem in the code. I will gladly change my mind when presented > with evidence to the contrary. > > Just because you don't like the answer doesn't mean that it isn't > helpful or isn't valid. > > -- > Chris Hartjes > > My motto for 2007: "Just build it, damnit!" > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
On Dec 19, 2007 1:06 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > href tag in the view. I appreciate the reply, but saying "it's the > code" is not very productive, of course something is wrong with the > code, I'm just trying to see if anyone has any ideas about what it > could be (ie if anyone has seen this before, how did they fix it). > Why is it when someone is told that the non-core code they are using or have written isn't working properly, they get all defensive and complain that being told that fact is 'not very productive'? I know this will come as a shock to many people, but I have written both good code and shitty code. Most of the time when a problem with a CakePHP app occurs, it's because of the shitty non-core code that someone has written. What was the answer you were looking for? "Yes, it must be CakePHP's fault that some part of the non-core code is messing with the contents of a session". I will restate what I said before: there is nothing about adding properly-formed href tags or properly formed img-src tags to a page that will cause sessions to not work properly. Therefore, it must be a problem in the code. I will gladly change my mind when presented with evidence to the contrary. Just because you don't like the answer doesn't mean that it isn't helpful or isn't valid. -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
the code is actually a cake php calendar called Anno Domini (http:// www.davidgoldingdesign.com/cakecalendar.html) that I'm trying to get to work. I mispoke before, I don't think the session is 'dieing', if I do a pr($this-Session) in my login routine, all of the session data is still there but something is causing the session data to fail cake's $this->Session->check('User') routine when there is an img src or a href tag in the view. I appreciate the reply, but saying "it's the code" is not very productive, of course something is wrong with the code, I'm just trying to see if anyone has any ideas about what it could be (ie if anyone has seen this before, how did they fix it). On Dec 19, 10:47 am, "Chris Hartjes" <[EMAIL PROTECTED]> wrote: > On Dec 19, 2007 12:42 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > but whenever I use this in a page it resets my session somehow so that > > I fail $this->Session->check('User'). If I leave out the image and > > just use: $html->link(' Text ','/smarts/add',null,null,false); then > > the session persists. I've also found that putting an normal html > > links (such as "a href=" or "img src=") will also cause my session to > > fail, but $html->link and $html->image both work fine. I've tried this > > on several servers and can't get it to behave. Any ideas? below are my > > session store and session check calls: > > I have never seen such behaviour before either with Cake or any other > PHP app I've written. As mean as it sounds, I'm inclined to believe > there are other factors at play. Why would putting in image tags or > href links cause a session to die? It makes absolutely no sense given > my experiences, which leads me to suspect that code is causing the > problem not CakePHP. > > But that's just my opinion. > > -- > Chris Hartjes > > My motto for 2007: "Just build it, damnit!" > > @TheKeyboard -http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: image link dorks up my session
On Dec 19, 2007 12:42 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > but whenever I use this in a page it resets my session somehow so that > I fail $this->Session->check('User'). If I leave out the image and > just use: $html->link(' Text ','/smarts/add',null,null,false); then > the session persists. I've also found that putting an normal html > links (such as "a href=" or "img src=") will also cause my session to > fail, but $html->link and $html->image both work fine. I've tried this > on several servers and can't get it to behave. Any ideas? below are my > session store and session check calls: I have never seen such behaviour before either with Cake or any other PHP app I've written. As mean as it sounds, I'm inclined to believe there are other factors at play. Why would putting in image tags or href links cause a session to die? It makes absolutely no sense given my experiences, which leads me to suspect that code is causing the problem not CakePHP. But that's just my opinion. -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---