开发者

CakePHP auth session vs. cookie not updating

开发者 https://www.devze.com 2023-01-17 21:14 出处:网络
I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn\'t cha

I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:

I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)

19:00:00 - user loads the page - cookie is set up

19:00:05 - user logs in (cookie doesn't change the expiration date)

19:00:30 - page refresh (cookie doesn't change the expiration date)

19:00:55 - page refresh (cookie doesn't change the expiration date)

19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)

So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself? All I did is set up a cookie name in c开发者_JAVA技巧onfig/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated


I had the same issue and countered it with the following code which is called on every page load and ajax call.

    if(isset($_COOKIE[Configure::read("Session.cookie")])){
            $session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
            setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
    }
0

精彩评论

暂无评论...
验证码 换一张
取 消