"Bank Sites" are a perfect example. So, for example, if you log in to, say, bankofamerica.com and close the browser without logging out, your session is destroyed and you have to sign back in. I was wanting to replicate that functionality. Closing the browser implies losing your signed-in session, and you have to sign back in again to access your profile. That is what I desired. That is why I had set Session.timeout=0. Stateless authentication implies that I would have to store the user cred somewhere in a cookie and sign in for every page. I was wanting to keep the session alive, but only till the browser is open. As soon as the browser is closed, the session is lost.

Thanks,
Anand

On Oct 26, 10:24 pm, Jeremy Burns | Class Outfit <[email protected]> wrote:
> I don't think you can. If the user browses away from the site the server
> won't know so can't do anything. Why is this a problem? If the user comes
> back while the session is still valid he'll just be logged back in
> automatically. If it's a secure system (say banking) and there's a large 'log
> out' button and the user doesn't press it, he deserves to have his account
> plundered.
>
> Have you looked at stateless authentication?
>
> Jeremy Burns
> Class Outfit
>
> http://www.classoutfit.com
>
> On 27 Oct 2011, at 06:11, Anand Ramamurthy wrote:
>
> > After much debugging I realized that my 'Session.timeout' was set to 0,
> > hence my session data was being dropped for every request. Once I set
> > it to 3600, the sessions remained and authorizations were successful.
> > But now this leads to another quandary. If I set the timeout to a
> > value and the user closes the browser without logging out, I would
> > like his/her session to end and not remain because it hasn't reached
> > its timeout. How can I accomplish this? Any ideas?
> >
> > Thanks,
> > Anand
> >
> > On Oct 26, 9:27 pm, Jeremy Burns | Class Outfit
> > <[email protected]> wrote:
> >> Do you have any auth code in the users controller? Have you put a debug
> >> statement inside isAuthorized just before returning true to check that it
> >> is actually passing?
> >>
> >> Jeremy Burns
> >> Class Outfit
> >>
> >> http://www.classoutfit.com
> >>
> >> On 26 Oct 2011, at 22:15, Anand Ramamurthy wrote:
> >>
> >>> Hello,
> >>>
> >>> I am a CakePHP newbie. I am implementing login features using
> >>> Authentication Component (User model). It works good. However I am
> >>> facing problem in Authorization and Statefulness features. Once I am
> >>> logged in I am unable to browse to other pages as user seems to be not
> >>> logged in.
> >>>
> >>> This is my component variable in AppController:
> >>>
> >>> public $components = array(
> >>>     'Session',
> >>>     'Auth' => array(
> >>>         'loginAction' => array('controller' => 'users', 'action' => 'login'),
> >>>         'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
> >>>         'logoutRedirect' => array('controller' => 'home', 'action' => 'index'),
> >>>         'authError' => 'Did you really think you are allowed to see that?',
> >>>         'authenticate' => array(
> >>>             'Form' => array('fields' => array('username' => 'email', 'password' => 'password')),
> >>>             'Basic' => array('userModel' => 'Users.User', 'fields' => array('username' => 'email', 'password' => 'password'))
> >>>         ),
> >>>         'authorize' => array('Controller')
> >>>     )
> >>> );
> >>>
> >>> //AppController beforeFilter
> >>> function beforeFilter() {
> >>>     $this->Auth->autoRedirect = false;
> >>>     $this->Auth->userModel = 'User';
> >>>     $this->Auth->allow('index', 'view');
> >>> }
> >>>
> >>> //AppController isAuthorized
> >>> public function isAuthorized($user) {
> >>>     if (isset($user['role']) && $user['role'] == 'admin') {
> >>>         return true; //Admin can access every action
> >>>     }
> >>>     return false; // The rest don't
> >>> }
> >>>
> >>> The user I log in has the role of "admin" set in DB. The user is able
> >>> to login properly get redirected to index and then I try to use the
> >>> edit feature in the UsersController for which he should be authorized
> >>> but apparently instead I get redirected to login page again with the
> >>> message "You are not authorized!"
> >>>
> >>> I would be grateful if somebody could chime in and help or provide
> >>> pointers as to what I could be doing wrong?
> >>>
> >>> Thanks in advance.
> >>>
> >>> Anand

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
[email protected] For more options, visit this group at http://groups.google.com/group/cake-php
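
The behaviour asked for in this thread depends on two separate settings: a session cookie with no expiry, which the browser drops when it closes, and a server-side idle limit, which the server enforces regardless of the browser. The following is an added example in plain PHP (7.3 or later), not code from the thread and not CakePHP's own session handling; the 900-second limit, the `last_seen` key and the `/users/login` URL are assumptions.

```php
<?php
// Added example: browser-session cookie plus server-side idle timeout.
const IDLE_LIMIT = 900; // assumed idle limit in seconds (constructed value)

function start_browser_session(): void
{
    // lifetime 0 means no Expires/Max-Age attribute, so the cookie
    // lives only as long as the browser process does.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // send over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Keep server-side session data at least as long as the idle limit.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
}

function enforce_idle_timeout(int $now): bool
{
    $last = $_SESSION['last_seen'] ?? null; // hypothetical key
    if ($last !== null && ($now - $last) > IDLE_LIMIT) {
        // Idle too long: clear the data and destroy the server-side session.
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}

function on_login(array $user): void
{
    // Issue a fresh session id after authentication (blocks session fixation).
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['last_seen'] = time();
}

start_browser_session();
if (!enforce_idle_timeout(time())) {
    header('Location: /users/login'); // assumed login URL
    exit;
}
```

Browsers configured to restore the previous session on startup can keep such cookies across a restart, so the server-side idle limit is what actually bounds the session's life.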
