#5782: Auth.redirect session value lost when linking from external site.
-----------------------------------------------------+----------------------
    Reporter:  pearj                                 |         Owner:         
        Type:  Bug                                   |        Status:  new    
    Priority:  Medium                                |     Milestone:  1.2.x.x
   Component:  General                               |       Version:  RC3    
    Severity:  Normal                                |    Resolution:         
    Keywords:  session login Auth.redirect external  |   Php_version:  PHP 5  
Cake_version:                                        |  
-----------------------------------------------------+----------------------
Comment (by pearj):

 For a workaround you can add this before session_start in
 CakeSession::__startSession()

 ini_set('session.referer_check', env('HTTP_REFERER'));

 I don't think it is a particularly good idea to disable the HTTP referer
 session checking, but it fixed my immediate problem temporarily.

 Oh, it looks like the referer check is by design in CakePHP; I can see it
 in __initSession()

 {{{
 switch($this->security) {
         case 'high':
                 $this->cookieLifeTime = 0;
                 if ($ini_set) {
                         ini_set('session.referer_check', $this->host);
                 }
         break;
         case 'medium':
                 $this->cookieLifeTime = 7 * 86400;
                 if ($ini_set) {
                         ini_set('session.referer_check', $this->host);
                 }
         break;
         case 'low':
         default:
                 $this->cookieLifeTime = 788940000;
         break;
 }
 }}}

 Hmm, it seems odd to break the login process like that, to me at least.

-- 
Ticket URL: <https://trac.cakephp.org/ticket/5782#comment:4>
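
Added example, not part of the ticket and not CakePHP or PHP source: a small PHP (7.1+) model of the documented session.referer_check rule. It shows why a request arriving from an external site loses its session id when the check is pinned to the application host, as in the 'medium' and 'high' cases quoted above, and why the workaround in the comment amounts to switching the check off. The function name, host and URLs are constructed for illustration.

```php
<?php
// Added illustration: a model of the documented session.referer_check rule,
// not CakePHP or PHP source. Hosts and URLs below are constructed samples.

/**
 * Returns true when PHP would keep the session id the client presented.
 * Rule: if a Referer was sent and it does not contain $refererCheck as a
 * substring, the presented session id is marked invalid and a new session
 * is started.
 */
function sessionIdSurvives(string $refererCheck, ?string $referer): bool
{
    if ($refererCheck === '') {
        return true;            // empty string: check is off (PHP's default value)
    }
    if ($referer === null || $referer === '') {
        return true;            // no Referer sent: nothing to compare against
    }
    return strpos($referer, $refererCheck) !== false;
}

$host = 'app.example.test';     // stands in for $this->host in __initSession()
$requests = [
    'internal link'        => 'https://app.example.test/posts/index',
    'external link'        => 'https://other.example.test/page',
    'typed URL / bookmark' => null,
];

foreach ($requests as $label => $referer) {
    // 'medium' and 'high': referer_check is pinned to the application host.
    $default = sessionIdSurvives($host, $referer);
    // Workaround from the comment: referer_check is set to the request's own
    // Referer, so the substring test can never fail for any origin.
    $workaround = sessionIdSurvives((string) $referer, $referer);
    printf("%-22s default=%-5s workaround=%s\n", $label,
        $default ? 'kept' : 'reset', $workaround ? 'kept' : 'reset');
}
```

Only the external-link row differs between the two columns: with the host-pinned setting the session id is reset, so values written to the earlier session are no longer reachable on that request.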