Nice catch.

Could be a bug, could someone with more experience check please? This is
what I've found:

I've debugged and haven't been able to find much, sorry. But this is what
happens to me:

   - I login normally
   - Sit and expire the session
   - Try to access somewhere and get redirected to login with NO MESSAGE
   - I login and get redirected to the Default location (not the auth.
   redirect, the place I was trying to access)

I tried debugging, but couldn't follow everything, but this is what it looks
like to the untrained eye?
Although session expires, Auth SEEMS to write flash message to old session?
So it no longer exists when we login?

Could someone with more experience confirm or should I just head over to
trac now?

On Feb 16, 2008 10:55 AM, EchoChargen <[EMAIL PROTECTED]> wrote:

>
> Hello -
> Using 1.2 beta release 6311 with Auth component.  I've set the session
> timeout to 60 seconds for testing (core.php "high" setting).  I'm able
> to login and get redirected  correctly to loginRedirect().  If I sit
> on a protected page and let the session time out, I get redirected
> back to the login page, but there is no flash message.  I would expect
> authError to be displayed in this situation.
> In the case of a request to a page the current user is not authorized
> for, redirection to the login page happens and authError is
> displayed.  For instance a request to /admin/users by a non-admin
> user.
>
> Here is my code:
> app_controller:
>        function beforeFilter(){
>                //Set up Auth Component
>                $this->Auth->loginAction = '/users/login';
>                $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'bouserview');
>
>                $this->Auth->fields = array('username' => 'email', 'password' => 'passwd');
>                $this->Auth->autoRedirect = false;
>                $this->Auth->loginError = 'Invalid e-mail / password combination. Please try again';
>                $this->Auth->authError = 'Your session has expired or you are not authorized to access that location!  Please log in again.';
>                $this->Auth->authorize = 'controller';
>                //  Only allow active users to login
>                $this->Auth->userScope = array('User.active' => 1); //user needs to be active.
>        }
>
>        function isAuthorized() {
>                if (isset($this->params[Configure::read('Routing.admin')])) {
>                        if ($this->Auth->user('admin') == 0) {
>                                $this->Session->setFlash("You are not authorized to access that location!");
>                                $this->redirect($this->Auth->logout());
>                                return false;
>                        }
>                }
>                return true;
>        }
>
> users_controller:
>        function login() {
>                $this->disableCache();
>                if ($this->Auth->user()) {
>                        //if the redirect was due to a failed /admin* page, then set redirect to login page
>                        //stristr() returns the matched substring or false, never true, so compare against false
>                        if (stristr($this->Session->read('Auth.redirect'), 'admin') !== false) {
>                                $this->Session->write('Auth.redirect', '/users/login');
>                        }
>                        //set site_id in session
>                        $this->User->restrict(array('Site' => array('fields' => 'Site.id')));
>                        $site = $this->User->Site->findByUserId($this->Auth->user('id'));
>                        $site_id = $site['Site']['id'];
>                        $this->Session->write('site_id', $site_id);
>                        $this->redirect($this->Auth->redirect());
>                }
>        }
>
>        function logout(){
>                $this->Session->setFlash("You've successfully logged out.");
>                //$this->redirect($this->Auth->logout());
>                $logOutUrl = $this->Auth->logout();
>                $this->redirect($logOutUrl);
>        }
>
> Thanks for any help provided,
> Jeremy
> >
>
