...but not navigate away and then back again, which I think was the original question.
Jeremy Burns
Class Outfit

http://www.classoutfit.com

On 27 Oct 2011, at 10:47, Vinícius Moraes de Araújo wrote:

> the session automatically destroys on browser close
>
> Regards,
>
> Vinícius Moraes
>
>
> 2011/10/27 Anand Ramamurthy <[email protected]>
>
> "Bank Sites" are a perfect example. So for example if you login to say
> bankofamerica.com and close the browser without logging out. Your
> session is destroyed and you have to sign back in. I was wanting to
> replicate that functionality. Closing the browser implies losing your
> signed in session and you have to sign back in again to access your
> profile.
> That is what I desired. That is why I had set Session.timeout=0.
> Stateless authentication implies that I would have to store the user
> cred somewhere in cookie and sign in for every page. I was wanting to
> keep the session alive but only till the browser is open. As soon as
> browser is closed, the session is lost.
>
> Thanks,
>
> Anand
>
> On Oct 26, 10:24 pm, Jeremy Burns | Class Outfit
> <[email protected]> wrote:
> > I don't think you can. If the user browses away from the site the server
> > won't know so can't do anything. Why is this a problem? If the user comes
> > back while the session is still valid he'll just be logged back in
> > automatically. If it's a secure system (say banking) and there's a large
> > 'log out' button and the user doesn't press it, he deserves to have his
> > account plundered.
> >
> > Have you looked at stateless authentication?
> >
> > Jeremy Burns
> > Class Outfit
> >
> > http://www.classoutfit.com
> >
> > On 27 Oct 2011, at 06:11, Anand Ramamurthy wrote:
> >
> > > After much debugging I realized that my 'Session.timeout' was set to 0
> > > hence my session data was being dropped for every request. Once I set
> > > it to a 3600, the sessions remained and authorizations were successful.
> > > But now this leads to another quandary. If I set the timeout to a
> > > value and the user closes the browser without logging out, I would
> > > like his/her session to end and not remain because it hasn't reached
> > > its timeout. How can I accomplish this? Any ideas?
> > >
> > > Thanks,
> > >
> > > Anand
> > >
> > > On Oct 26, 9:27 pm, Jeremy Burns | Class Outfit
> > > <[email protected]> wrote:
> > >> Do you have any auth code in the users controller? Have you put a debug
> > >> statement inside isAuthorized just before returning true to check that
> > >> it is actually passing?
> > >
> > >> Jeremy Burns
> > >> Class Outfit
> > >
> > >> http://www.classoutfit.com
> > >
> > >> On 26 Oct 2011, at 22:15, Anand Ramamurthy wrote:
> > >
> > >>> Hello,
> > >
> > >>> I am a CakePHP newbie. I am implementing login features using
> > >>> Authentication Component (User model). It works good. However I am
> > >>> facing problem in Authorization and Statefulness features. Once I am
> > >>> logged in I am unable to browse to other pages as user seems to be not
> > >>> logged in.
> > >
> > >>> This is my component variable in AppController:
> > >
> > >>> public $components = array(
> > >>>     'Session',
> > >>>     'Auth' => array(
> > >>>         'loginAction' => array('controller' => 'users', 'action' => 'login'),
> > >>>         'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
> > >>>         'logoutRedirect' => array('controller' => 'home', 'action' => 'index'),
> > >>>         'authError' => 'Did you really think you are allowed to see that?',
> > >>>         'authenticate' => array(
> > >>>             'Form' => array('fields' => array('username' => 'email', 'password' => 'password')),
> > >>>             'Basic' => array('userModel' => 'Users.User', 'fields' => array('username' => 'email', 'password' => 'password'))
> > >>>         ),
> > >>>         'authorize' => array('Controller')
> > >>>     )
> > >>> );
> > >
> > >>> //AppController beforeFilter
> > >>> function beforeFilter() {
> > >>>     $this->Auth->autoRedirect = false;
> > >>>     $this->Auth->userModel = 'User';
> > >>>     $this->Auth->allow('index', 'view');
> > >>> }
> > >
> > >>> //AppController isAuthorized
> > >>> public function isAuthorized($user) {
> > >>>     if (isset($user['role']) && $user['role'] == 'admin') {
> > >>>         return true; //Admin can access every action
> > >>>     }
> > >>>     return false; // The rest don't
> > >>> }
> > >
> > >>> The user I log in has the role of "admin" set in DB. The user is able
> > >>> to login properly get redirected to index and then I try to use the
> > >>> edit feature in the UsersController for which he should be authorized
> > >>> but apparently instead I get redirected to login page again with the
> > >>> message "You are not authorized!"
> > >
> > >>> I would be grateful if somebody could chime in and help or provide
> > >>> pointers as to what I could be doing wrong?
> > >
> > >>> Thanks in advance.
> > >
> > >>> Anand
> > >
> > >>> --
> > >>> Our newest site for the community: CakePHP Video
> > >>> Tutorials http://tv.cakephp.org
> > >>> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> > >>> others with their CakePHP related questions.
> > >
> > >>> To unsubscribe from this group, send email to
> > >>> [email protected] For more options, visit this
> > >>> group at http://groups.google.com/group/cake-php
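
The two lifetimes this thread keeps running into, the browser-side cookie lifetime and the server-side idle timeout, shown as an added example in plain PHP (7.3+); it is not code from the thread or from CakePHP. `IDLE_LIMIT`, the `last_seen` key and the function names are assumptions made for illustration.

```php
<?php
// Added example (plain PHP, not CakePHP code and not from the thread).
// IDLE_LIMIT and the 'last_seen' key are assumed names.
const IDLE_LIMIT = 3600; // the timeout value from the thread, read here as seconds

function start_browser_session(): void
{
    // lifetime 0 sends the cookie without Expires/Max-Age, so the browser
    // discards it on close. The server never learns the browser was closed.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    // Keep server-side session data for at least the idle limit.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
}

// True when the stored last-activity time is older than the idle limit.
function idle_expired(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    return isset($session['last_seen'])
        && ($now - (int) $session['last_seen']) > $limit;
}

// Call on every authenticated request; returns false if the session was ended.
function touch_or_end_session(): bool
{
    if (idle_expired($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

start_browser_session();
if (!touch_or_end_session()) {
    header('Location: /users/login'); // login route as configured in the thread
    exit;
}
```

Browsers that restore the previous session on startup can keep a lifetime-0 cookie across a restart, so the server-side idle check is the part that reliably ends an abandoned login.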
