I believe that the checking is preventing the hijack of someones session. And if the User Agent changes during the same session that's most likely due to a hijacked session so cake prevents that.
On Feb 4, 3:18 pm, ncherro <[email protected]> wrote: > I am using Rad Upload in the admin section of my website, and in order > to get it to work, I have to set Session.checkAgent to false. In the > cake docs it says: > > 'When set to false, CakePHP sessions will not check to ensure the user > agent does not change between requests.' > > Can someone explain why the user agent changing is a security issue? > I'm having a hard time finding a clear answer, and I am not sure if I > want to disable the agent check in my app. > > Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
