CakePHP keeps logging me out

Asked 23/4, 2012 at 10:9 Answered 21/5, 2013 at 10:17

Recently i have made three Cake Apps and all three share this problem. The config is mostly stock and i use this as the session options.

Configure::write('Session', array(
    'defaults' => 'php',
    'cookie' => 'test'
));

After lots of googling everyone just suggests that the security level is too high, but i have never changed this value, it's:

Configure::write('Security.level', 'medium');

Edit: I have also tried with low security and no change.

I am only using basic auth to check if the user is logged in or not.

After logging in the cookie is set to expire three hours later and the expire date doesn't update until I log in again, is this normal?

I cant seem to replicate the problem at all, sometimes I will log in and the very next click will log me out again and other times it will last a while.

I am using Chrome on Windows 7 and there is no AJAX on the website.

Any ideas? Thanks.

Cartography answered 23/4, 2012 at 10:9 Comment(4)

It happens with mee too...Try changing Configure::write('Security.level', 'low'); !! – Inchoative 23/4, 2012 at 10:48

No need to fly off the handle and start suing browsers now ;) – Tallulah 25/4, 2012 at 15:40

@Jleagle where do you set Cookie time for logged user and how? post the code, please.. – Lepidopteran 25/4, 2012 at 17:19

Do you mean Session.timeout in config.php? I have not modified it. – Cartography 25/4, 2012 at 21:21

Are you using Ajax. Is the problem only happening in IE?

IE uses a different Browser Agent string for Ajax calls to the browser itself. For extra security, Cake checks the browser agent and, in the case of IE, thinks another browser is trying to hijack the session as the agent is different.

You can disable this check with:

Configure::write('Session.checkAgent', false);

Mercenary answered 23/4, 2012 at 10:59 Comment(1)

I am not using AJAX at all. And the only browser i have tried in is Chrome. – Cartography 23/4, 2012 at 11:16

After running into the same problem I've found that this was caused by the Session.cookieTimeout value. Although the php session was still valid, the expiration date on the session cookie does not get refreshed.

This is now my session config

Configure::write('Session', array(
        'defaults' => 'php',
        'timeout' => 30, // The session will timeout after 30 minutes of inactivity
        'cookieTimeout' => 1440, // The session cookie will live for at most 24 hours, this does not effect session timeouts
        'checkAgent' => false,
        'autoRegenerate' => true, // causes the session expiration time to reset on each page load
    ));

Strike answered 21/5, 2013 at 10:17 Comment(0)

You are not the only one having issues with CakePHP sessions on Chrome browser.

Pixelastic fellow coder suggests the following fix, quote :

Just create file named session_custom.php in app/config/, drop the following lines in it:

// Killing this config that was causing so much trouble with Chrome
ini_set('session.referer_check', '');

// No session id in url
ini_set('session.use_trans_sid', 0);

// Using custom cookie name instead of PHPSESSID
ini_set('session.name', Configure::read('Session.cookie'));

// Cookie like time, depending on security level
ini_set('session.cookie_lifetime', $this->cookieLifeTime);

// Cookie path
ini_set('session.cookie_path', $this->path);

Then set Configure::write('Session.save', 'session_custom'); in your core.php file.

Nadabus answered 26/4, 2012 at 8:59 Comment(2)

This looks helpful, but I think its about 1.3, not 2.1. THis line ini_set('session.name', Configure::read('Session.cookie')); i think is already added to 2.1 - I will investigate further – Cartography 26/4, 2012 at 10:42

I just tried with the ini_set('session.referer_check', ''); line and then will your full code and neither stopped it from happening. Although I do believe its a problem for Chrome only. – Cartography 26/4, 2012 at 11:4

the problem is with sessions:

First check ur 'phpinfo();'

check if the sessions are file based.

if yes, go through the process.

create a new script file(php) which contains only this code:<?php var_dump(session_save_path());?>

run it if you get null or empty string then go for this process:

first create a directory in your root folder name it 'xyz' or whatever u want.
make it writable i.e. chmod 777.
go to the script where you start sessions and before starting the sessions change your session_save_path to the newly created directory. i.e.: session_save_path('pathToxyz');

and then you r done.

if in case the sessions are set as memory: no configuration is required. they just use system memory. in that case you would never have got in to this problem.

Spiffing answered 1/5, 2012 at 9:53 Comment(2)

what part of phpinfo tell me what I need to know? - var_dump(session_save_path()); gives me string(20) "/var/lib/php/session" – Cartography 1/5, 2012 at 11:7

ok your sessions are properly set. so this ain't your solution Try to var_dump the data for login at every step so that you can get what is going on in the program. maybe this will help you out :) – Spiffing 1/5, 2012 at 11:13

Recommended topics

Hot tags