Hi all! I am playing with new stuff in CakePHP code, so I did try Security component and I have to publish here one important note about it.
DO NOT USE this component (rev. 2249) IF You're using it's 'requireAuth' functionality AND You're using AJAX on page with protected form OR You expect Your user will open different pages (in during one session) in different browser tabs. Why? It's security token is generated (and saved to session variable) every time method SecurityComponent::startup() is called, so if user will open page with Your protected form and then open another page in new browser tab (or invoke AJAX call from this first page) and there will be invoked some action of controller with Security component, Your security token will be in session replaced with new one and Your protected form will not work - it's token will be considered as non-valid. I hope it will save some time for somebody. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
