I’ve installed CakePHP into sub-directories and they seem to run fine! They all have different database.php configuration files and access different databases.
Example:
public_html/cakephp1/
public_html/cakephp2/
I access them separately using http://www.example.com/cakephp1/ and http://www.example.com/cakephp2/ and it all seems fine.
Problem occurs when I log into one of them (using CakePHP standard Auth/Session components), and I when I flip over to the other installation it also considers me as already logged in!
How do I prevent this? What’s the recommended solution? Will it help if I change the salt value in each installation?
EDIT:
Hi Martin, I've just tried the method of changing core.php to use "cake" session handling and specifying a cookie path. So now in each application i have different core.php files as such:
cakephp1's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp1'
)
));
cakephp2's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp2'
)
));
But still does not work and both installs seem to still share the same session. Where should I be looking to see if a cookie was actually created? I've checked the folder tmp/sessions under each /cakephp1 and /cakephp2 but that folder is always empty.
EDIT: Modifying AppController:
Martin, please help me suggest where else to look. I've followed ur code as follows:
Below is the code from my /demo/ installation (resides at public_html/demo/)
Can you tell me where I can find the cookie that is supposed to be created with your code?
If it is supposed to be at public_html/demo/app/tmp/sessions, I see nothing there even after logging in. There is also nothing under public_html/demo/ other than standard CakePHP folders.
This is from my AppController for the /demo/ installation which is accessed via http://www.example.com/demo/ as opposed to the other installation which is at http://www.example.com/tst/
public $components = array(
//'DebugKit.Toolbar',
'Cookie',
'Session',
'Auth'=>array(
//Stuff
)
}
public function beforeFilter() {
//Logic placed here will run before the action is run
parent::beforeFilter();
$this->Cookie->path = '/demo/';
}
The core.php is set as default which is:
Configure::write('Session', array(
'defaults' => 'php'
));
You’ll need to restrict cookies in each of your applications to their respective sub-directories. For example, in your AppController.php you can do this in a beforeFilter() action:
<?php
class AppController extends Controller {
public $components = array(
'Cookie',
);
public function beforeFilter() {
parent::beforeFilter();
$this->Cookie->path = '/cakephp1/';
}
}
See http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#controller-setup for more details.
I had similar issue.
Use below code for first cakephp application in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp1');
while in second cakephp application use the below code in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp2');
Finally fixed my problem.
I had a session_start() php commandsomewhere in my code which overwrote all the core.php config, and basically it restored the php.ini session management settings.
CakePHP Session being written to /tmp/ and not /app/tmp/sessions/
Although there are answers that talk about cookies but don't mention about using Cake's own session or PHP's session. So, I thought it'd be good to share a documented way of achieving this.
CakePHP (at least 2.x), by default uses php session settings from php.ini.
The setting can be found in /app/Config/core.php and well documented there:
Configure::write('Session', array(
'defaults' => 'php' // possible values: php, cake, database, cache
));
For apps with own cake installation directory, it is as simple as changing the above value to cake which tells the app to use app/tmp/sessions for saving session files. It is imperative to mention that a different cookie name for each installation may be needed:
Configure::write('Session', array(
'defaults' => 'cake'
'cookie' => 'myApp1' // something like 'myApp2' for other app
));
Cookbook has good documentation on all settings related to sessions.
Related
I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.
Everything in my Magento store is working ok, except for a route I created that calls the API:
$proxy = new SoapClient('SOAPCLIENTURL');
$sessionId = $proxy->login('USERNAME', 'PASSWORD');
$proxy->customerCustomerCreate($sessionId, array(
'email' => $email,
'firstname' => '',
'lastname' => '',
'password' => $password,
'website_id' => 7,
'store_id' => 7
));
When I comment out these lines, the route works fine. Any ideas why this 503s the page and how to fix it?
The code block that's causing your problem is a request to an external API that could fail for numerous reasons. The way you'd fix this is to monitor your server and Magento error and exception logs for errors, take a look at the error, and then fix the problem (or post the specific error to a site like this and ask for help).
You could also try running the above code snippet outside of a Magento context (in a stand along script) and see what sort of error you get.
If errors aren't showing up then you need to research how to setup your system for proper error handling.
Also, if you're setting up a Magento route and making an API call into the same system, there's no reason to use the SOAP or XML-RPC layer. Each Magento API section has a corresponding PHP object that contains all the logic. The above method is equivalent to
Mage::getModel('customer/customer_api_v2')->create(array(...));
With the real PHP class being at
app/code/core/Mage/Customer/Model/Customer/Api/V2.php
and the create method defined at
app/code/core/Mage/Customer/Model/Customer/Api.php
I have a CakePHP 2.x site I'm working on which performs as intended locally. Login works, session flash messages work, etc. When I push the code to my staging/prod server it's breaking.
Logins no longer work, no session flash messages appear, some controller actions that should be redirecting to /user/login are displaying nothing (empty document), etc.
I'm at a loss as to what the problem would be. Based on the issues I'm experiencing and some searching I've done I believe I've ruled out problems like whitespace after the closing ?> in a code-only PHP file (controllers). I'm using DB sessions, and I see session records being created in the DB on my local instance, but not on the remote staging/prod instance.
Any assistance would be much appreciated. Thanks.
In you app/Config/core.php check out these thing.
If you are using SSL and non-SSL based protocols, make sure you have cookie_secure set as false.
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_secure' => false
)
));
Try changing Session's configuration from php defaults to cake or db as
Configure::write('Session', array(
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Also try setting Session.checkAgent to false, just for once to ensure if it is a browser issue.
Try changing Session.name of your session, it defaults to 'CAKEPHP'
Configure::write('Session', array(
'name' => 'New-Session-name'
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Remove all cache files from all sub-directories of /app/tmp
Set debug level higher to 1, to do cache refresh. If you still don't see an error, try setting error_reporting to true in php.ini. (Although, this one is very obvious I am still pointing it out in case you might have missed it out)
Hope this helps
One of the recommendations I came across frequently was to ensure that there was no whitespace after the closing PHP tag in a code-only file (or preferably to not actually have a closing PHP tag). Checking all my files showed that to be the case. Somehow, however, I managed to put a single line break before the opening PHP tag in AppController.php and that was the issue. My apologies to anyone who wasted time on this. I just hope this helps someone in the future who clumsily makes the same mistake.
I'm having a strange issue with sessions on cakephp 2.2.3... my sessions are not starting on the webserver. I tried to use this code on a controller:
<?php
if ($this->Session->write('Test', 'hi')){
echo $this->Session->read('Test');
}
else{
echo 'bye';
}
and the output was bye on webserver, and hi on localhost.
So, I checked further, and found that the method CakeSession::start() is always returning false. This started to happens today, and i couldn't realize what may be causing this...
my session configuration on core.php is
Configure::write('Session', array(
'defaults' => 'database',
'checkAgent' => true,
'timeout' => 31104000,
'cookie' => 'vejomun'
));
When setting debug to 2, I receive a lot of warnings like this:
Warning (2): ini_set() has been disabled for security reasons [CORE/Cake/Model/Datasource/CakeSession.php, line 484]
but it has always been like this, and the sessions was ok untill yesterday...
thanks in advance, and sorry for bad english.
EDIT:
if anyone has the same problem, it was just an blank line at the begin of the html.
at the top of page write
session_start();
if you write this line then and then php will compatible with session
I included the 'Session' Component and the helper in my AppController.php
Now, if I use $this->Session->write('App.testString', 'test); the Session is not created, or at least I don't receive the string when I do echo $this->Session->read('App.testString');.
Do I have to change any settings for Sessions to work?
Inside a controller function I can write and read a session, but if I want to read the session inside a different function (of the same controller) I don't get a value back.
I found the solution: By default CakePHP uses the folder which is set in php.ini. This folder couldn't be accessed in my hosting-environment (and I was not allowed to change the php.ini).
In this situation, you have to change in the core.php where session files are stored. This is what I had before:
Configure::write('Session', array(
'defaults' => 'php'
));
I changed it to this one:
Configure::write('Session', array(
'defaults' => 'cake'
));
This way, cake uses his own tmp-folder to store the session files. Also make sure that the tmp folder and his subfolders are writeable.