Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2008-01-08 Thread Martin Schapendonk

On 1/7/08, beetlejuice [EMAIL PROTECTED] wrote:
> the data i wrote into the session when user successfully logged in are
> no longer available in the next page.
>
> do you have an idea ?

CAKE_SECURITY set to high also means that Cake checks the referer and
drops the session if it believes it is being tampered with.

A setup with a reverse proxy might trigger that behavior. Do you have
a reverse proxy in front of your 'real' webserver?

See if lowering CAKE_SECURITY to medium solves the problem, although
I'm not quite sure what other security implications that might have.

Martin

-- 
  Martin Schapendonk, http://www.schapendonk.org/blog/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake 
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2008-01-08 Thread Davide

Martin Schapendonk wrote:
> CAKE_SECURITY set to high also means that Cake checks the referer and
> drops the session if it believes it is being tampered with.

I have the same problem but from 1.1.18 to 1.1.19. In 1.1.18
everything works out well, in 1.1.19 not.

In the authentication procedure I log in in a controller, setting some
session variables, then redirect to another controller. In this last
one all checks of session variables are empty.

I've also tried with security HIGH, MEDIUM and LOW but none of them
works. When I get back to 1.1.18 everything is ok.

Bye and thanks
Davide


-- 
Live life like you're gonna die. Because you're gonna.
William Shatner





Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2008-01-08 Thread Martin Schapendonk

On 1/8/08, Davide [EMAIL PROTECTED] wrote:
> I've also tried with security HIGH, MEDIUM and LOW but none of them
> works. When I get back to 1.1.18 everything is ok.

This may be trivial, but the setting is case sensitive. Did you try
high, medium and low as well?

Martin

-- 
  Martin Schapendonk, http://www.schapendonk.org/blog/




Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2008-01-08 Thread Davide

Martin Schapendonk wrote:

> On 1/8/08, Davide wrote:
>> I've also tried with security HIGH, MEDIUM and LOW but none of them
>> works. When I get back to 1.1.18 everything is ok.
>
> This may be trivial, but the setting is case sensitive. Did you try
> high, medium and low as well?

Yes, I did. I just uppercased them in the sentence for highlighting. :)

-- 
Live life like you're gonna die. Because you're gonna.
William Shatner





Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2008-01-07 Thread beetlejuice

Hello,

did you resolve your session issues ?
i saw your bug report was set to invalid, but with no explanation.

i'm just following a basic tuto with login and session (Cook up Web
sites fast with CakePHP part 3) and i'm stuck.

the data i wrote into the session when user successfully logged in are
no longer available in the next page.

do you have an idea ?

many thanks in advance :)









Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2007-12-05 Thread robechar

I've had the same problem, and I think the problem was in the fix for
ticket #3133.  Session IDs are regenerated with every page request,
however it isn't carrying over the data with that new session id.
Therefore all session information is being lost with each page
request.

I've added a ticket for this in CakePHP trac:
https://trac.cakephp.org/ticket/3694

On Nov 21, 7:22 am, keymaster [EMAIL PROTECTED] wrote:
> Saw this note from phpnut in bug #3507 on trac:
>
> =
> Added id() to Session helper and component to return current Session
> id, the component accepts a $id parameter to force setting the Session
> id which must be called in a Controller::beforeFilter().
>
> Session ids are no longer renewed if a request is from Ajax, or from
> requestAction();
>
> When Security.level (1.2) or CAKE_SECURITY (1.1) is set to 'high'
> renewing of Session id only happens if request is 2 seconds after the
> last request.
>
> Added $_Session[Config][timeout] which forces renewing Session if
> requests are within the 2 second limit and over 10 requests. If an
> application is expected to make multiple requests (more than 10) to the
> server in a single process, Configure::write('Security.level',
> 'medium'); (1.2) or $this->Session->security = 'medium'; (1.1) should
> be used in a beforeFilter for the specific methods.
> =
>
> Anyone understand what this means for ajax requests when CAKE_SECURITY
> is high in 1.18? Do we need to change any of our session handling and/
> or ajax code?
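
Added example (not part of any message in this thread and not CakePHP's own code): the failure robechar describes, a session id rotated without its data, next to a rotation that carries the data over, plus the 2-second / 10-request throttle as one reading of the quoted note. SessionStore, both rotate methods and shouldRotate are hypothetical names, and the in-memory array stands in for the real session storage.

```php
<?php
// Added illustration; hypothetical names, not CakePHP source.
// In-memory stand-in for server-side session storage: id => data.
final class SessionStore
{
    public array $rows = [];

    // Faulty rotation: the new id starts with an empty record, so data
    // written under the old id (e.g. at login) is gone on the next request.
    public function rotateDroppingData(string $oldId): string
    {
        $newId = bin2hex(random_bytes(16));
        $this->rows[$newId] = [];
        unset($this->rows[$oldId]);
        return $newId;
    }

    // Correct rotation: copy the record to the new id, then retire the
    // old id so a previously leaked id stops working.
    public function rotateKeepingData(string $oldId): string
    {
        $newId = bin2hex(random_bytes(16));
        $this->rows[$newId] = $this->rows[$oldId] ?? [];
        unset($this->rows[$oldId]);
        return $newId;
    }
}

// Throttle, as one reading of the quoted note (assumption): rotate when at
// least $minGap seconds passed since the last request; inside that window
// count requests and force a rotation once more than $maxBurst arrived.
function shouldRotate(array &$cfg, int $now, int $minGap = 2, int $maxBurst = 10): bool
{
    $gap = $now - ($cfg['time'] ?? $now);
    $cfg['time'] = $now;
    $cfg['burst'] = ($cfg['burst'] ?? 0) + 1;
    if ($gap >= $minGap || $cfg['burst'] > $maxBurst) {
        $cfg['burst'] = 0;
        return true;
    }
    return false;
}

// Constructed sample data: a login record stored under a fixed id.
foreach (['rotateDroppingData', 'rotateKeepingData'] as $method) {
    $store = new SessionStore();
    $store->rows['id-at-login'] = ['User' => ['id' => 7]];
    $newId = $store->$method('id-at-login');
    echo $method, ': ', json_encode($store->rows[$newId]), PHP_EOL;
}
```
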



Re: session problems with cake 1.18 and CAKE_SECURITY=high?

2007-11-21 Thread keymaster

Saw this note from phpnut in bug #3507 on trac:

=
Added id() to Session helper and component to return current Session
id, the component accepts a $id parameter to force setting the Session
id which must be called in a Controller::beforeFilter().

Session ids are no longer renewed if a request is from Ajax, or from
requestAction();

When Security.level (1.2) or CAKE_SECURITY (1.1) is set to 'high'
renewing of Session id only happens if request is 2 seconds after the
last request.

Added $_Session[Config][timeout] which forces renewing Session if
requests are within the 2 second limit and over 10 requests. If an
application is expected to make multiple requests (more than 10) to the
server in a single process, Configure::write('Security.level',
'medium'); (1.2) or $this->Session->security = 'medium'; (1.1) should
be used in a beforeFilter for the specific methods.
=

Anyone understand what this means for ajax requests when CAKE_SECURITY
is high in 1.18? Do we need to change any of our session handling and/
or ajax code?