I have a problem with hiding the programming Language (Laravel 5.5) of my website
I tried a lot of different ways but did not get any result.
I changed my session config/session.php:
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'laravel'), '_').'_session'
),
but it hasn't worked.
If you do not want to show the programming language of your Website in Chrome extensions then you have to change the setting in php.ini
change expose_php = On
to
expose_php = off
You can also tweak it in your .htaccess.
Hope it helps.
You may need this basically for security reasons. When somebody installed this plugin (https://wappalyzer.com/download) on the browser, s/he can see all the frameworks and javascript libraries among other things.
So hide framwork name from plugin , just go in config/session.php file and edit bellow code
/*
|--------------------------------------------------------------------------
| Session Cookie Name
|--------------------------------------------------------------------------
|
| Here you may change the name of the cookie used to identify a session
| instance by ID. The name specified here will get used every time a
| new session cookie is created by the framework for every driver.
|
*/
'cookie' => env(
'SESSION_COOKIE',
str_slug(env('APP_NAME', 'yourname_that_you_want_to_add'), '_').'_session'
),
Related
I have a problem with the sessions on the shared hosting.
I developed an app on a local server (XAMPP) and it works great (sessions, auth etc). The problems have appeared when I moved the app on a shared hosting.
I realized that the sessions are not persisting from a page to another or from AJAX files to another page and the Authentication does not work either .
The only session that persists is the _token which has a different value after every refresh of the page.
I have the following configuration in the session.php file:
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => false,
'lottery' => array(2, 100),
'path' => '/',
'domain' => null
First, I used file driver and I had the same problem, and now I used the database.
Both file and database work on the local server but on the shared hosting they do not.
I tried all the solutions found on the forum but still I have the same problem.
I think the problem is at the session domain setting because when I change the value from null to other string on my local server, I have the same problem that I have encountered online.
Can you help me, please!
Thanks, Mirel
I fixed the problem. In my case the error because I have added a php closed tag ?> in the end of the included files. So removing this tag will bring the application back to normal behavior.
Sometimes when i bring changes in CSS or in HTML contents or maybe controllers, i refresh many times but the change not applies in the app and it still looks like the past. Does anyone faced this problem? or how i'm going to solve this issue?
If you're not using PSR-4 autoloading. You'll need to reflect new controllers with $ composer dump-autoload -o (note the -o optimises the class-mapping).
Other than that, are you behind any caching drivers?
For good measure, change the following in your development cache config(\app\config\development\cache.php) (Don't have a development folder? Read this) as well:
<?php
return array(
/*
|--------------------------------------------------------------------------
| Default Cache Driver
|--------------------------------------------------------------------------
|
| This option controls the default cache "driver" that will be used when
| using the Caching library. Of course, you may use other drivers any
| time you wish. This is the default when another is not specified.
|
| Supported: "file", "database", "apc", "memcached", "redis", "array"
|
*/
'driver' => 'file',
Laravel will store all your cache files in the following folder: app\storage\cache and view caches in: app\storage\view. Clear both when necessary.
I created a webshop using Laravel and everything has been going smoothly until recently I started getting TokenMismatchExceptions.
The users are able to log in without any problems. The issue occurs whenever a user tries to add an item to the shopping-cart. I didn't really change anything on the page, and it seems that this started to occur by it self. The only thing I did to the server was clearing the cache. Could this cause the issue to occur?
All my controllers start with:
public function __construct() {
parent::__construct();
$this->beforeFilter('csrf', array('on'=>'post'));
}
My sessions config is set up like this:
/*
|--------------------------------------------------------------------------
| Default Session Driver
|--------------------------------------------------------------------------
|
| This option controls the default session "driver" that will be used on
| requests. By default, we will use the lightweight native driver but
| you may specify any of the other wonderful drivers provided here.
|
| Supported: "file", "cookie", "database", "apc",
| "memcached", "redis", "array"
|
*/
'driver' => 'file',
/*
|--------------------------------------------------------------------------
| Session Lifetime
|--------------------------------------------------------------------------
|
| Here you may specify the number of minutes that you wish the session
| to be allowed to remain idle before it expires. If you want them
| to immediately expire on the browser closing, set that option.
|
*/
'lifetime' => 15,
'expire_on_close' => false,
Am I using the csrf filter wrong? I can't seem to find a solution to this issue.
-EDIT-
I tried taking off my csrf filters from the controllers, and now the user gets automatically logged off when adding an item to the shopping-cart (I guess this is the problem).
I’ve installed CakePHP into sub-directories and they seem to run fine! They all have different database.php configuration files and access different databases.
Example:
public_html/cakephp1/
public_html/cakephp2/
I access them separately using http://www.example.com/cakephp1/ and http://www.example.com/cakephp2/ and it all seems fine.
Problem occurs when I log into one of them (using CakePHP standard Auth/Session components), and I when I flip over to the other installation it also considers me as already logged in!
How do I prevent this? What’s the recommended solution? Will it help if I change the salt value in each installation?
EDIT:
Hi Martin, I've just tried the method of changing core.php to use "cake" session handling and specifying a cookie path. So now in each application i have different core.php files as such:
cakephp1's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp1'
)
));
cakephp2's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp2'
)
));
But still does not work and both installs seem to still share the same session. Where should I be looking to see if a cookie was actually created? I've checked the folder tmp/sessions under each /cakephp1 and /cakephp2 but that folder is always empty.
EDIT: Modifying AppController:
Martin, please help me suggest where else to look. I've followed ur code as follows:
Below is the code from my /demo/ installation (resides at public_html/demo/)
Can you tell me where I can find the cookie that is supposed to be created with your code?
If it is supposed to be at public_html/demo/app/tmp/sessions, I see nothing there even after logging in. There is also nothing under public_html/demo/ other than standard CakePHP folders.
This is from my AppController for the /demo/ installation which is accessed via http://www.example.com/demo/ as opposed to the other installation which is at http://www.example.com/tst/
public $components = array(
//'DebugKit.Toolbar',
'Cookie',
'Session',
'Auth'=>array(
//Stuff
)
}
public function beforeFilter() {
//Logic placed here will run before the action is run
parent::beforeFilter();
$this->Cookie->path = '/demo/';
}
The core.php is set as default which is:
Configure::write('Session', array(
'defaults' => 'php'
));
You’ll need to restrict cookies in each of your applications to their respective sub-directories. For example, in your AppController.php you can do this in a beforeFilter() action:
<?php
class AppController extends Controller {
public $components = array(
'Cookie',
);
public function beforeFilter() {
parent::beforeFilter();
$this->Cookie->path = '/cakephp1/';
}
}
See http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#controller-setup for more details.
I had similar issue.
Use below code for first cakephp application in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp1');
while in second cakephp application use the below code in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp2');
Finally fixed my problem.
I had a session_start() php commandsomewhere in my code which overwrote all the core.php config, and basically it restored the php.ini session management settings.
CakePHP Session being written to /tmp/ and not /app/tmp/sessions/
Although there are answers that talk about cookies but don't mention about using Cake's own session or PHP's session. So, I thought it'd be good to share a documented way of achieving this.
CakePHP (at least 2.x), by default uses php session settings from php.ini.
The setting can be found in /app/Config/core.php and well documented there:
Configure::write('Session', array(
'defaults' => 'php' // possible values: php, cake, database, cache
));
For apps with own cake installation directory, it is as simple as changing the above value to cake which tells the app to use app/tmp/sessions for saving session files. It is imperative to mention that a different cookie name for each installation may be needed:
Configure::write('Session', array(
'defaults' => 'cake'
'cookie' => 'myApp1' // something like 'myApp2' for other app
));
Cookbook has good documentation on all settings related to sessions.
I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.