Re: Sessions expiring when they should not
BTW, another problem of setting the cookie in 6 hours is that if the user
has a clock that is not synced (i.e. more than 6 hours ahead), the browser
will expire the session cookie and the user cannot stay logged in.
Best,
Chris
On Tue, Sep 4, 2012 at 3:07 PM, Chris Cinelli
chris.cine...@formativelearning.com wrote:
It looks like the code is in CakeSession.php
I think I solved the cookie expiration problem with this in the core.php:
Configure::write('Session', array(
'defaults' = 'php',
'cookieTimeout' = 0, //Lives until the browser is closed.
'checkAgent' = false //To fix a little the Chrome Frame problem
));
Pretty much all main website manage the session expiration using a session
cookie (that get removed when the browser is closed). Exceptions are
website that keep you loggedin like Facebook. They set the cookie
expiration to a month after login (but the user actually have to check the
box - keep me logged in).
I think though that setting by default the cookie expiration to 6h (I
think it is the PHP session default) and NEVER updated it is a *BUG*. If
the user is on the website for 6h, he should not be forced to logging
again. This is a major problem if the user is writing some very long text
into a page that save the text with Ajax calls.*
*
BTW, the default behavior can actually create more security problems that
leave the cookie expire with the session. In fact if the user is on a
public computer and close the browser to finish his/her session, the
following user that connect before the 6h limit is going to be able to
reconnect to the website under the previous user credentials.*
*Best, Chris
*
*
On Tue, Sep 4, 2012 at 12:19 PM, Chris Cinelli
chris.cine...@formativelearning.com wrote:
Anybody that know at least what it is the expected behavior?
Is it normal that the CAKEPHP cookie has 6h expiration after login and
never get updated?
Best,
Chris
On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli
chris.cine...@formativelearning.com wrote:
We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior
also on my Mac running on XAMPP and as far as I know we have always had
this problem.
I would expect that:
1. The session expires if after a certain amount of time if there
are no more calls to the server.
2. Activity on the server should update the expiring time.
Instead we noticed that after a certain amount of time, the user get
logged out and he has to log back in even if he accessed a page just a a
minute before.
I actually put even a hertbeat AJAX call that is been called every 20
minutes that was supposed to prevent the session to expire, but sessions
keep getting lost.
Is this the intended behavior?
If it not I am not sure if the problem is on the frontend's cookie or
the backend;s session. I noticed that the CAKEPHP cookie has 6h expiration
time since I log in and it never get renewed.
Best,
Chris
--
--Everything should be made as simple as possible, but not simpler
(Albert Einstein)
--
--Everything should be made as simple as possible, but not simpler
(Albert Einstein)
--
--Everything should be made as simple as possible, but not simpler (Albert
Einstein)
--
--Everything should be made as simple as possible, but not simpler (Albert
Einstein)
--
Like Us on FacekBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
Re: Sessions expiring when they should not
Anybody that know at least what it is the expected behavior? Is it normal that the CAKEPHP cookie has 6h expiration after login and never get updated? Best, Chris On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli chris.cine...@formativelearning.com wrote: We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior also on my Mac running on XAMPP and as far as I know we have always had this problem. I would expect that: 1. The session expires if after a certain amount of time if there are no more calls to the server. 2. Activity on the server should update the expiring time. Instead we noticed that after a certain amount of time, the user get logged out and he has to log back in even if he accessed a page just a a minute before. I actually put even a hertbeat AJAX call that is been called every 20 minutes that was supposed to prevent the session to expire, but sessions keep getting lost. Is this the intended behavior? If it not I am not sure if the problem is on the frontend's cookie or the backend;s session. I noticed that the CAKEPHP cookie has 6h expiration time since I log in and it never get renewed. Best, Chris -- --Everything should be made as simple as possible, but not simpler (Albert Einstein) -- --Everything should be made as simple as possible, but not simpler (Albert Einstein) -- You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
Re: Sessions expiring when they should not
It looks like the code is in CakeSession.php
I think I solved the cookie expiration problem with this in the core.php:
Configure::write('Session', array(
'defaults' = 'php',
'cookieTimeout' = 0, //Lives until the browser is closed.
'checkAgent' = false //To fix a little the Chrome Frame problem
));
Pretty much all main website manage the session expiration using a session
cookie (that get removed when the browser is closed). Exceptions are
website that keep you loggedin like Facebook. They set the cookie
expiration to a month after login (but the user actually have to check the
box - keep me logged in).
I think though that setting by default the cookie expiration to 6h (I think
it is the PHP session default) and NEVER updated it is a *BUG*. If the user
is on the website for 6h, he should not be forced to logging again. This is
a major problem if the user is writing some very long text into a page that
save the text with Ajax calls.*
*
BTW, the default behavior can actually create more security problems that
leave the cookie expire with the session. In fact if the user is on a
public computer and close the browser to finish his/her session, the
following user that connect before the 6h limit is going to be able to
reconnect to the website under the previous user credentials.*
*Best, Chris*
*
On Tue, Sep 4, 2012 at 12:19 PM, Chris Cinelli
chris.cine...@formativelearning.com wrote:
Anybody that know at least what it is the expected behavior?
Is it normal that the CAKEPHP cookie has 6h expiration after login and
never get updated?
Best,
Chris
On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli
chris.cine...@formativelearning.com wrote:
We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior
also on my Mac running on XAMPP and as far as I know we have always had
this problem.
I would expect that:
1. The session expires if after a certain amount of time if there are
no more calls to the server.
2. Activity on the server should update the expiring time.
Instead we noticed that after a certain amount of time, the user get
logged out and he has to log back in even if he accessed a page just a a
minute before.
I actually put even a hertbeat AJAX call that is been called every 20
minutes that was supposed to prevent the session to expire, but sessions
keep getting lost.
Is this the intended behavior?
If it not I am not sure if the problem is on the frontend's cookie or the
backend;s session. I noticed that the CAKEPHP cookie has 6h expiration time
since I log in and it never get renewed.
Best,
Chris
--
--Everything should be made as simple as possible, but not simpler
(Albert Einstein)
--
--Everything should be made as simple as possible, but not simpler (Albert
Einstein)
--
--Everything should be made as simple as possible, but not simpler (Albert
Einstein)
--
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
Sessions expiring when they should not
We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior also on my Mac running on XAMPP and as far as I know we have always had this problem. I would expect that: 1. The session expires if after a certain amount of time if there are no more calls to the server. 2. Activity on the server should update the expiring time. Instead we noticed that after a certain amount of time, the user get logged out and he has to log back in even if he accessed a page just a a minute before. I actually put even a hertbeat AJAX call that is been called every 20 minutes that was supposed to prevent the session to expire, but sessions keep getting lost. Is this the intended behavior? If it not I am not sure if the problem is on the frontend's cookie or the backend;s session. I noticed that the CAKEPHP cookie has 6h expiration time since I log in and it never get renewed. Best, Chris -- --Everything should be made as simple as possible, but not simpler (Albert Einstein) -- You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
