CakePHP keeps logging me out

2020-06-17 06:03发布

站内问答 / PHP
1182 4 4

Recently i have made three Cake Apps and all three share this problem. The config is mostly stock and i use this as the session options.

Configure::write('Session', array(
    'defaults' => 'php',
    'cookie' => 'test'
));

After lots of googling everyone just suggests that the security level is too high, but i have never changed this value, it's:

Configure::write('Security.level', 'medium');

Edit: I have also tried with low security and no change.

I am only using basic auth to check if the user is logged in or not.

After logging in the cookie is set to expire three hours later and the expire date doesn't update until I log in again, is this normal?

I cant seem to replicate the problem at all, sometimes I will log in and the very next click will log me out again and other times it will last a while.

I am using Chrome on Windows 7 and there is no AJAX on the website.

Any ideas? Thanks.

4条回答
再贱就再见
2楼-- · 2020-06-17 06:10

After running into the same problem I've found that this was caused by the Session.cookieTimeout value. Although the php session was still valid, the expiration date on the session cookie does not get refreshed.

This is now my session config

Configure::write('Session', array(
        'defaults' => 'php',
        'timeout' => 30, // The session will timeout after 30 minutes of inactivity
        'cookieTimeout' => 1440, // The session cookie will live for at most 24 hours, this does not effect session timeouts
        'checkAgent' => false,
        'autoRegenerate' => true, // causes the session expiration time to reset on each page load
    ));
查看更多
0人赞 添加讨论(0) 举报
叼着烟拽天下
3楼-- · 2020-06-17 06:14

You are not the only one having issues with CakePHP sessions on Chrome browser.

Pixelastic fellow coder suggests the following fix, quote :

Just create file named session_custom.php in app/config/, drop the following lines in it: 

// Killing this config that was causing so much trouble with Chrome
ini_set('session.referer_check', '');

// No session id in url
ini_set('session.use_trans_sid', 0);

// Using custom cookie name instead of PHPSESSID
ini_set('session.name', Configure::read('Session.cookie'));

// Cookie like time, depending on security level
ini_set('session.cookie_lifetime', $this->cookieLifeTime);

// Cookie path
ini_set('session.cookie_path', $this->path);

Then set Configure::write('Session.save', 'session_custom'); in your core.php file.

查看更多
0人赞 添加讨论(0) 举报
孤傲高冷的网名
4楼-- · 2020-06-17 06:24

Are you using Ajax. Is the problem only happening in IE?

IE uses a different Browser Agent string for Ajax calls to the browser itself. For extra security, Cake checks the browser agent and, in the case of IE, thinks another browser is trying to hijack the session as the agent is different.

You can disable this check with:

Configure::write('Session.checkAgent', false);
查看更多
0人赞 添加讨论(0) 举报
疯言疯语
5楼-- · 2020-06-17 06:25

the problem is with sessions:

First check ur 'phpinfo();'

check if the sessions are file based.

if yes, go through the process.

create a new script file(php) which contains only this code:<?php var_dump(session_save_path());?>

run it if you get null or empty string then go for this process:

  1. first create a directory in your root folder name it 'xyz' or whatever u want.
  2. make it writable i.e. chmod 777.
  3. go to the script where you start sessions and before starting the sessions change your session_save_path to the newly created directory. i.e.: session_save_path('pathToxyz');

and then you r done.

if in case the sessions are set as memory: no configuration is required. they just use system memory. in that case you would never have got in to this problem.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)