tags:

views:

36

answers:

2
Q: 

Why can't I set up my cookie duration with cakePHP

So, I've tried many many things, but still always end up with Cookies that have the duration set to "Session" when looked at with Developers Tools in Google Chrome. Here are my current settings:

core.php:

Configure::write('Session.cookie', 'session');
Configure::write('Session.timeout', '3600');
Configure::write('Session.start', true);
Configure::write('Security.level', 'high');

users_controller.php

$this->Cookie->write('xHi1PeWmAw', $user_record['User']['id']);

I tried changing the Security.level, the Session.timeout, using $this->Cookie->time = 3600; and combining all that, but I can't seem to be changing that duration. Also I tried with short and long durations, given that I would ideally for this cookie to last as long as possible. Can you please tell me what I am doing wrong?

A: 

Though I cannot guarantee this will fix your issue I can explain how to properly configure the sessions.

First you set your Security.timeout variable. This represents a timeout value in seconds, but this does not equal your sessions expiration time. This number is multiplied by a constant value depending on the setting of your Security.level variable.

'high' = x 10, 'medium' = x 100, 'low' = x 300,

This is what gives you your expiration time. For example, if you have a Session.timeout of 30, and a Security.level of low, your sessions will expire in 30*300 seconds, or 150 minutes.

Slruh  2010-10-19 03:28:44
well I did get this far, but what I don't get is "in which case my cookie will no longer have a real duration but become a 'session' cookie"... Thanks for trying though.
Damien  2010-10-19 10:02:29
A: 

If you you're using cookies as a session then it's time is set to 0. Which means it is set to expire when the browser closes. You could try to change this number in the controller as shown in the code below. See if that makes a difference. I have not tested this, but it is worth a shot. 

var $components = array('Cookie');
function beforeFilter() {
   $this->Cookie->name = 'baker_id';
   $this->Cookie->time = 3600; // or '1 hour' //IF 0 THIS IS A SESSION COOKIE
   $this->Cookie->domain = 'example.com';
   $this->Cookie->secure = true; //i.e. only sent if using secure HTTPS
   $this->Cookie->key = 'qSI232qs*&sXOw!';
}
Slruh  2010-10-19 14:30:17

related questions

Storing xml data in a cookie
Best way to secure an AJAX app
Is it possible to delete subdomain cookies?
What are the possible causes of a CGI::Session::CookieStore::TamperedWithCookie exception in rails
How do I access cookies within Flash?
Cookies and subdomains
Accessing Domain Cookies within an iFrame on Internet Explorer
Web Dev - Where to store state of a shopping-cart-like object?
Can JQuery read/write cookies to a browser?
Can you reliably set or delete a cookie during the server side processing of an Ajax (XHR) call?
How can I add cookies to Seaside responses without redirecting?
passing or reading .net cookie in php page
Best way for allowing subdomain session cookies using Tomcat
Why can't I delete this cookie?!
Apache Download: Make sure that page was viewed before download
Secure session cookies in ASP.NET over HTTPS
Always including the user in the django template context
How do you set up use HttpOnly cookies in PHP
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
How do HttpOnly cookies work with AJAX requests?
What is the best way to prevent session hijacking?
Associating source and search keywords with account creation
How would you implement FORM based authentication without a backing database?
How do I stop IIS7 dropping my cookies?