It looks like the code is in CakeSession.php
I think I solved the cookie expiration problem with this in the core.php:
    Configure::write('Session', array(
        'defaults' => 'php',
        'cookieTimeout' => 0, // Lives until the browser is closed.
        'checkAgent' => false // Partly fixes the Chrome Frame problem
    ));

Pretty much all main websites manage session expiration using a session
cookie (that gets removed when the browser is closed). Exceptions are
websites that keep you logged in, like Facebook. They set the cookie
expiration to a month after login (but the user actually has to check the
box - "keep me logged in").

I think though that setting by default the cookie expiration to 6h (I think
it is the PHP session default) and NEVER updating it is a *BUG*. If the user
is on the website for 6h, he should not be forced to log in again. This is
a major problem if the user is writing some very long text into a page that
saves the text with Ajax calls.

BTW, the default behavior can actually create more security problems than
letting the cookie expire with the session. In fact, if the user is on a
public computer and closes the browser to finish his/her session, the
following user that connects before the 6h limit is going to be able to
reconnect to the website under the previous user's credentials.

Best, Chris

On Tue, Sep 4, 2012 at 12:19 PM, Chris Cinelli <
[email protected]> wrote:
> Does anybody know at least what the expected behavior is?
> Is it normal that the CAKEPHP cookie has 6h expiration after login and
> never gets updated?
>
> Best,
> Chris
>
>
> On Fri, Aug 31, 2012 at 2:20 PM, Chris Cinelli <
> [email protected]> wrote:
>
>> We are using CakePHP 2.2.1 on Ubuntu 12.04 but I notice this behavior
>> also on my Mac running on XAMPP and as far as I know we have always had
>> this problem.
>>
>> I would expect that:
>>
>> 1. The session expires after a certain amount of time if there are
>> no more calls to the server.
>> 2. Activity on the server should update the expiring time.
>>
>>
>> Instead we noticed that after a certain amount of time, the user gets
>> logged out and he has to log back in even if he accessed a page just a
>> minute before.
>> I actually even put in a "heartbeat" AJAX call that is called every 20
>> minutes and was supposed to prevent the session from expiring, but sessions
>> keep getting lost.
>>
>> Is this the intended behavior?
>>
>> If it is not, I am not sure if the problem is on the frontend's cookie or the
>> backend's session. I noticed that the CAKEPHP cookie has 6h expiration time
>> since I log in and it never gets renewed.
>>
>> Best,
>> Chris
>>
>>
>>
>> --
>> --Everything should be made as simple as possible, but not simpler
>> (Albert Einstein)
>>
>
>
>
> --
> --Everything should be made as simple as possible, but not simpler (Albert
> Einstein)
>
--
--Everything should be made as simple as possible, but not simpler (Albert
Einstein)
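
The behavior asked for in this thread (a cookie that lives until the browser is closed, plus an idle timeout that every request renews) can be enforced on the server in plain PHP. This is an added example, not CakePHP's code and not from the original post; IDLE_LIMIT, startSlidingSession() and the 'last_activity' key are assumed names, and it assumes PHP 7.3+ served over HTTPS.

```php
<?php
// Added example, not CakePHP code. IDLE_LIMIT is an assumed value.
const IDLE_LIMIT = 1800; // seconds of inactivity before forced re-login

/**
 * Starts the session and enforces a sliding idle timeout on the server.
 * Returns true if an existing session is still valid, false if the
 * session is new or had been idle for longer than IDLE_LIMIT.
 */
function startSlidingSession(): bool
{
    // Keep server-side session data at least as long as the idle window,
    // otherwise PHP's garbage collector may delete it earlier.
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);

    // lifetime 0 makes this a browser-session cookie: it has no expiry
    // date and is dropped when the browser is closed.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    $now  = time();
    $last = $_SESSION['last_activity'] ?? null;

    if ($last !== null && ($now - $last) > IDLE_LIMIT) {
        // Idle too long: discard the data and issue a fresh session id.
        $_SESSION = [];
        session_regenerate_id(true);
        $last = null;
    }

    // Every request, including an Ajax heartbeat, slides the window.
    $_SESSION['last_activity'] = $now;

    return $last !== null;
}
```

Call startSlidingSession() at the top of each request and require a login whenever it returns false. Because the timeout is checked against a server-side timestamp, it no longer depends on the expiry date the browser stores for the cookie.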