Login/Register
Configuration setting 'Security.level' in CakePHP 2.x still used?
Asked Answered
Solved phpcakephpcakephp-1.3cakephp-2.2
L

2

5

I can't find any reference to the Security.level configuration setting from Cake 1.3 in the CakePHP 2.2 manual.

I also can't find any reference to this setting in the migration guide.

This setting had a big impact on the session timer in Cake 1.3.

Security.level

The level of CakePHP security. The session timeout time defined in ‘Session.timeout’ is multiplied according to the settings here.

'high' = x 10 'medium' = x 100 'low' = x 300 'high' and 'medium' also enable session.referer_check

Has this setting in the config.php of an application been removed in CakePHP 2.x?

Levo answered 21/1, 2013 at 19:47 Comment(0)
F
5

No the setting has not been removed

It still exists in core.php

/**
 * The level of CakePHP security.
 */
Configure::write('Security.level', 'medium');

But...

It's not used in 2.x.

The only reference to this setting is in Security::inactiveMins - which isn't called by anything else. Therefore, while there is still an artefact of this setting left over in 2.x, the intention of this setting has been removed and hence it's not in the 2.x docs.

Faubourg answered 21/1, 2013 at 20:0 Comment(2)
So, why don't you, as a collaborator, mention this in CakePHP documentaion? The support for CakePHP 1.3 is ending or ended and we are migrating from it.Rosecan
It should be mentioned in the migration guide, it'll be an oversight that it's not there - as you would like the docs to mention this why don't you, as anyone can, click "Improve this Doc" instead of commanding that I do it =).Faubourg
B
3

With CakePHP 2.3 Security.level was removed from core.php.

Session timeout is set by this setting:

Configure::write('Session.timeout', '120');

Also: Modify session cookie expiry and session timeout for a CakePHP session

Bueschel answered 2/3, 2014 at 8:4 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.