CakePHP auth session vs. cookie not updating

Question

Hello, I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:

I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)

19:00:00 - user loads the page - cookie is set up

19:00:05 - user logs in (cookie doesn't change the expiration date)

19:00:30 - page refresh (cookie doesn't change the expiration date)

19:00:55 - page refresh (cookie doesn't change the expiration date)

19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)

So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself? All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated

Answer 1

deceze: I just changed returned value from inactiveMins(), so I don't have to wait 5 years for the session to expire with security == low :) I didn't leave that change, did svn:revert after that.

I found a partial solution. When session id is regenerated after each request (security == high) the cookie is updated with each page refresh