Ok I tried to set CAKE security on a medium level, and now it works correctly. Thanks to all.

On 3 Nov, 15:55, mcphisto <[EMAIL PROTECTED]> wrote:
> Ok, maybe this is the problem. I experienced sessions falling when
> using live search or when opening blank pages. Now I changed the
> configuration in core php as in the article suggested by monmonja.
> Very good and clear article. Now I try and then I'll tell you.
>
> Thank you.
>
> On 3 Nov, 15:07, monmonja <[EMAIL PROTECTED]> wrote:
>
> > You could probably look at this
> > http://monmonja.com/blog/2008/09/making-cakephp-and-session-work/
> >
> > On Nov 3, 7:44 pm, "[EMAIL PROTECTED]"
> > <[EMAIL PROTECTED]> wrote:
> > > There have been scattered reports from people experiencing
> > > unpredictable loss of sessions.
> > > I have noticed this myself at times.
> > >
> > > What I understood about it was that the problem stems from the level
> > > of security set in Cake's config. When it is set "too high" you can
> > > accidentally be caught "hacking your own app" so to speak. The phrase
> > > "too high" is definitely poorly chosen and should not be taken to mean
> > > that most of us should lower our default security settings.
> > >
> > > An example of what can happen: You have a page doing periodical ajax
> > > calls. You click a link during the time Cake is processing one of
> > > these ajax calls. Your request will be "parallel" with the ajax call
> > > and therefore caught in the security check. Or at least something
> > > roughly like this. I have not had a detailed look inside Cake's
> > > security and session classes.
> > >
> > > I have also noticed this happening when uploading files and doing 2-3
> > > redirects after each other. Those are unfortunately hard to reproduce
> > > at will.
> > >
> > > /Martin
> > >
> > > On Nov 3, 10:08 am, mcphisto <[EMAIL PROTECTED]> wrote:
> > >
> > > > Well,
> > > > I've a big big problem with two applications of mine. I use an
> > > > authentication method made with before filter.
> > > > The problem is that, after a login it works correctly. Then, without a
> > > > reason, the application seems to lose the session and brings me back
> > > > to the login form. For this reason, I really can't understand what
> > > > happens and when. Is there a way to produce a log for the application?
> > > > Or otherwise, how I can understand what happens? That's the code in
> > > > app_controller.php:
> > > >
> > > > function checkSession()
> > > > {
> > > >     // If the session info hasn't been set...
> > > >     if (!$this->Session->check('Dealer'))
> > > >     {
> > > >         // Force the user to login
> > > >         $this->redirect('/dealers/login');
> > > >         exit();
> > > >     }
> > > > }
> > > >
> > > > And this in dealer_controller.php
> > > >
> > > > function login()
> > > > {
> > > >     // Don't show the error message if no data has been submitted.
> > > >     $this->set('error', false);
> > > >
> > > >     // If a user has submitted form data:
> > > >     if (!empty($this->data))
> > > >     {
> > > >         // First, let's see if there are any users in the database
> > > >         // with the username supplied by the user using the form:
> > > >
> > > >         $someone = $this->Dealer->findByUsername($this->data['Dealer']['username']);
> > > >
> > > >         // At this point, $someone is full of user data, or it's empty.
> > > >         // Let's compare the form-submitted password with the one in
> > > >         // the database.
> > > >
> > > >         if (!empty($someone['Dealer']['username']) &&
> > > >             $someone['Dealer']['password'] == $this->data['Dealer']['password'])
> > > >         {
> > > >             // Note: hopefully your password in the DB is hashed,
> > > >             // so your comparison might look more like:
> > > >             // md5($this->data['User']['password']) == ...
> > > >
> > > >             // This means they were the same. We can now build some basic
> > > >             // session information to remember this user as 'logged-in'.
> > > >
> > > >             $this->Session->write('Dealer', $someone['Dealer']);
> > > >
> > > >             // Now that we have them stored in a session, forward them on
> > > >             // to a landing page for the application.
> > > >
> > > >             $this->redirect('/customers/index_search');
> > > >         }
> > > >         // Else, they supplied incorrect data:
> > > >         else
> > > >         {
> > > >             // Remember the $error var in the view? Let's set that to true:
> > > >             $this->set('error', true);
> > > >         }
> > > >     }
> > > > }
> > > >
> > > > function logout()
> > > > {
> > > >     // Redirect users to this action if they click on a Logout button.
> > > >     // All we need to do here is trash the session information:
> > > >
> > > >     $this->Session->delete('Dealer');
> > > >
> > > >     // And we should probably forward them somewhere, too...
> > > >
> > > >     $this->redirect('/dealers/login');
> > > > }
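
The parallel-request scenario Martin describes in the quoted thread, as an added simulation that is not part of the thread and not CakePHP's own code. `ToySessionStore` and `parallelRequests` are hypothetical names, and the per-request session ID replacement it models is an assumption about what the strict security level does.

```php
<?php
// Constructed simulation, not CakePHP code. ToySessionStore is hypothetical and
// assumes the strict setting replaces the session id on every request.
// In CakePHP 1.x the real setting is in app/config/core.php:
//   Configure::write('Security.level', 'medium');
class ToySessionStore
{
    private $sessions = array();  // session id => session data
    private $counter = 0;
    private $regenerate;          // true models the strict level

    public function __construct($regenerate)
    {
        $this->regenerate = $regenerate;
    }

    // Create a logged-in session; returns the cookie value given to the browser.
    public function login($dealer)
    {
        $id = 'sid' . (++$this->counter);
        $this->sessions[$id] = array('Dealer' => $dealer);
        return $id;
    }

    // Handle one request carrying $cookie; returns what the user ends up seeing.
    public function handle($cookie)
    {
        // Same test as checkSession() in the thread.
        if (!isset($this->sessions[$cookie]['Dealer'])) {
            return 'redirect /dealers/login';
        }
        if ($this->regenerate) {
            // Move the data to a fresh id and invalidate the old one.
            $this->sessions['sid' . (++$this->counter)] = $this->sessions[$cookie];
            unset($this->sessions[$cookie]);
        }
        return 'ok';
    }
}

// The periodic ajax call and the link click leave the browser with the same
// cookie, before the response to either one has arrived.
function parallelRequests($regenerate)
{
    $store = new ToySessionStore($regenerate);
    $cookie = $store->login(array('username' => 'demo'));  // constructed user
    return array('ajax' => $store->handle($cookie), 'click' => $store->handle($cookie));
}

print_r(parallelRequests(true));
print_r(parallelRequests(false));
```

With regeneration on, the ajax call succeeds and the link click, still carrying the old ID, is sent to the login form; with it off, both requests succeed.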
