CakePHP session/auth logging out intermittently

views:

1077

answers:

+5 Q:

CakePHP session/auth logging out intermittently

I'm having reports and complaints from my user that they will be using a screen and get kicked back to the login screen immediately on their next request. It doesn't happen all the time but randomly.

I am using CakePHP and the Auth component, which seem to work well other than this issue

I got some feedback on the Cake forums once that this is sometimes caused by a 404 request that resets the session, i.e. if you have a broken image link or a missing favicon file. I have firebug open and there are no failed requests, so I ruled this out as a possibility, but the user is getting sporadically logged out. This seems to occur across browsers and operating systems.

Below is a summary of my config settings: Security.level = high Session.timeout = 1200 // this means my actual timeout should be 12,000 seconds Session.save = php

I am really at a loss as to what is causing this issue...

Check your Auth->allow or ->deny, because it might be, that your user accesses an restricted part or action of your controller(s).

Second, check your specific Sanitize of CakePHP, because 'high security' options often like to cause trouble.

404 pages reset the session? I never heard about that.

I think your problem is located somewhere in the authentication routines. If you restrict too many things it can happen, that some constellations of requests will fail due to their missing attributes.

For example: UserOne tries to access your website, his user name contains some strings which cause wrong interpretation of the user name. The name could be found within the database, but the authentication could not link it to the request.

Errors like this always hide inside your code, where you did not expect them to be.

daemonfire300 2009-10-15 16:44:50

Sorry, I probably needed to specify further.. the user login process with Auth is fine. When trying to access /admin/ urls I have it set to require Auth, and it does so for the correct screens. Logging in is no problem, it finds the names in the database, but the problem is that it will sporadically kick me out when I'm already in.

Nathan 2009-10-15 16:48:27

The 404 request apparently can reset the Cake Auth/Session, not a generic PHP issue

Nathan 2009-10-15 16:49:08

Try to set up cakephp once again including your database (etc.) this might help.

daemonfire300 2009-10-15 17:03:41

+5 A:

I have also had a problem with my security set to high. When you have it set to high it regenerates the session on every request: "CakePHP session IDs are also regenerated between requests if 'Security.level' is set to 'high'."

I had this problem cross-browser as well, so I know its not the best solution but I just changed the security setting to medium, and changed my session timeout to reflect that setting and have not had any problems since.

Matt 2009-10-15 18:51:05

thanks, I'll give that a shot

Nathan 2009-10-15 23:50:53

You are a lifesaver.

Michael 2010-02-25 06:42:33

Thanks! 8 more to go....

Justin 2010-10-08 14:09:16

Security.level on high will do that. set it to medium in core.php

dogmatic69 2009-10-16 10:47:49

I had a similar problem, I found it to be the user_agent check in the core.php file, set this to false!

What was happening was after a page refresh the session id changed and I was logged out, but in the Session object there was an error saying Attempted Session Hijack!!! pr($this->Session);

Set this to false in core.php! Configure::write('Session.checkAgent', false);

Alex Payne 2010-02-12 10:45:48

ansaurus

tags:

views:

answers:

CakePHP session/auth logging out intermittently

related questions