I have a problem with the sessions on the shared hosting.
I developed an app on a local server (XAMPP) and it works great (sessions, auth etc). The problems have appeared when I moved the app on a shared hosting.
I realized that the sessions are not persisting from a page to another or from AJAX files to another page and the Authentication does not work either .
The only session that persists is the _token which has a different value after every refresh of the page.
I have the following configuration in the session.php file:
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => false,
'lottery' => array(2, 100),
'path' => '/',
'domain' => null
First, I used file driver and I had the same problem, and now I used the database.
Both file and database work on the local server but on the shared hosting they do not.
I tried all the solutions found on the forum but still I have the same problem.
I think the problem is at the session domain setting because when I change the value from null to other string on my local server, I have the same problem that I have encountered online.
Can you help me, please!
Thanks, Mirel
I fixed the problem. In my case the error because I have added a php closed tag ?> in the end of the included files. So removing this tag will bring the application back to normal behavior.
Related
I’ve installed CakePHP into sub-directories and they seem to run fine! They all have different database.php configuration files and access different databases.
Example:
public_html/cakephp1/
public_html/cakephp2/
I access them separately using http://www.example.com/cakephp1/ and http://www.example.com/cakephp2/ and it all seems fine.
Problem occurs when I log into one of them (using CakePHP standard Auth/Session components), and I when I flip over to the other installation it also considers me as already logged in!
How do I prevent this? What’s the recommended solution? Will it help if I change the salt value in each installation?
EDIT:
Hi Martin, I've just tried the method of changing core.php to use "cake" session handling and specifying a cookie path. So now in each application i have different core.php files as such:
cakephp1's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp1'
)
));
cakephp2's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp2'
)
));
But still does not work and both installs seem to still share the same session. Where should I be looking to see if a cookie was actually created? I've checked the folder tmp/sessions under each /cakephp1 and /cakephp2 but that folder is always empty.
EDIT: Modifying AppController:
Martin, please help me suggest where else to look. I've followed ur code as follows:
Below is the code from my /demo/ installation (resides at public_html/demo/)
Can you tell me where I can find the cookie that is supposed to be created with your code?
If it is supposed to be at public_html/demo/app/tmp/sessions, I see nothing there even after logging in. There is also nothing under public_html/demo/ other than standard CakePHP folders.
This is from my AppController for the /demo/ installation which is accessed via http://www.example.com/demo/ as opposed to the other installation which is at http://www.example.com/tst/
public $components = array(
//'DebugKit.Toolbar',
'Cookie',
'Session',
'Auth'=>array(
//Stuff
)
}
public function beforeFilter() {
//Logic placed here will run before the action is run
parent::beforeFilter();
$this->Cookie->path = '/demo/';
}
The core.php is set as default which is:
Configure::write('Session', array(
'defaults' => 'php'
));
You’ll need to restrict cookies in each of your applications to their respective sub-directories. For example, in your AppController.php you can do this in a beforeFilter() action:
<?php
class AppController extends Controller {
public $components = array(
'Cookie',
);
public function beforeFilter() {
parent::beforeFilter();
$this->Cookie->path = '/cakephp1/';
}
}
See http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#controller-setup for more details.
I had similar issue.
Use below code for first cakephp application in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp1');
while in second cakephp application use the below code in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp2');
Finally fixed my problem.
I had a session_start() php commandsomewhere in my code which overwrote all the core.php config, and basically it restored the php.ini session management settings.
CakePHP Session being written to /tmp/ and not /app/tmp/sessions/
Although there are answers that talk about cookies but don't mention about using Cake's own session or PHP's session. So, I thought it'd be good to share a documented way of achieving this.
CakePHP (at least 2.x), by default uses php session settings from php.ini.
The setting can be found in /app/Config/core.php and well documented there:
Configure::write('Session', array(
'defaults' => 'php' // possible values: php, cake, database, cache
));
For apps with own cake installation directory, it is as simple as changing the above value to cake which tells the app to use app/tmp/sessions for saving session files. It is imperative to mention that a different cookie name for each installation may be needed:
Configure::write('Session', array(
'defaults' => 'cake'
'cookie' => 'myApp1' // something like 'myApp2' for other app
));
Cookbook has good documentation on all settings related to sessions.
I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.
I am working in cakephp. My all code working fine but when I upload the code on server then session functionality does not work.
There are no error on server.Just session does not write or read.
I am using go Daddy hosting.
my core file settings are:-
Configure::write('Session', array(
'defaults' => 'cake'
));
// Session cookie now persists across all subdomains
ini_set('session.cookie_domain', env('HTTP_BASE'));
and temp folder is writable and session id and other values in session are shown in temp folder file.but session still not working.
I got my answer that there is a space problem after php closing tag in my one cotroller so just removed that space like
(?> ) to (?>)
Recently I moved my cakephp site from a hosting service to an other. The page was working like a charm, but now I'm having the issue, that my sessions randomly drop.
I'm on a shared hosting service, so I changed cake's session defaults from php to cake, now my sessions are saved to my tmp/sessions folder. (but it wasn't working with php either)
Followed my session's way with Firebug:
When i log into the page, i have a Sessionid, and in the tmp/sessions folder i have the corresponding sess_{sessionid} file too.
After a few clicks on some pages (totally random) my sessionid changes and i'm "logged out".
The session file with which i've logged in, remained in the directory.
My session settings in core.php right now:
Configure::write('Session', array(
'defaults' => 'cake'
));
I'm using the 2.3.8 version of Cake.
Update:
Finally i found the problem thanks to Nick. I checked the Cakephp error files, and found out that i only got logged out, when i visited a page containing an element, which was not on the server ( eg a picture was missing). So i went to Firebug, and check what the Net tab says. On the new Host service i got a 404 Not Found response AND a new session id set in the response, whilst on the other servers i tested the page, i simply got a 404 Not Found. If i randomly generate links to not existing files like (domain/test.jpg) i get the same results.
Try these settings, in Firefox you can install the web develop extension, then you can view your cookie to see if it is all set correct.
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'yourdomain',
'timeout' => 44640,
));
Check any components that you are using for whitespace (usually at the end of the file).
I came across this recently whilst helping a client with their existing CakePHP site, when logged in one particular page that called a component was killing $this->Session->read(‘Auth’).
There is a CakePHP shell that you can use to find whitespace.
I have a CakePHP 2.x site I'm working on which performs as intended locally. Login works, session flash messages work, etc. When I push the code to my staging/prod server it's breaking.
Logins no longer work, no session flash messages appear, some controller actions that should be redirecting to /user/login are displaying nothing (empty document), etc.
I'm at a loss as to what the problem would be. Based on the issues I'm experiencing and some searching I've done I believe I've ruled out problems like whitespace after the closing ?> in a code-only PHP file (controllers). I'm using DB sessions, and I see session records being created in the DB on my local instance, but not on the remote staging/prod instance.
Any assistance would be much appreciated. Thanks.
In you app/Config/core.php check out these thing.
If you are using SSL and non-SSL based protocols, make sure you have cookie_secure set as false.
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_secure' => false
)
));
Try changing Session's configuration from php defaults to cake or db as
Configure::write('Session', array(
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Also try setting Session.checkAgent to false, just for once to ensure if it is a browser issue.
Try changing Session.name of your session, it defaults to 'CAKEPHP'
Configure::write('Session', array(
'name' => 'New-Session-name'
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Remove all cache files from all sub-directories of /app/tmp
Set debug level higher to 1, to do cache refresh. If you still don't see an error, try setting error_reporting to true in php.ini. (Although, this one is very obvious I am still pointing it out in case you might have missed it out)
Hope this helps
One of the recommendations I came across frequently was to ensure that there was no whitespace after the closing PHP tag in a code-only file (or preferably to not actually have a closing PHP tag). Checking all my files showed that to be the case. Somehow, however, I managed to put a single line break before the opening PHP tag in AppController.php and that was the issue. My apologies to anyone who wasted time on this. I just hope this helps someone in the future who clumsily makes the same mistake.