I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.
Related
I have a problem with the sessions on the shared hosting.
I developed an app on a local server (XAMPP) and it works great (sessions, auth etc). The problems have appeared when I moved the app on a shared hosting.
I realized that the sessions are not persisting from a page to another or from AJAX files to another page and the Authentication does not work either .
The only session that persists is the _token which has a different value after every refresh of the page.
I have the following configuration in the session.php file:
'driver' => 'database',
'lifetime' => 120,
'expire_on_close' => false,
'lottery' => array(2, 100),
'path' => '/',
'domain' => null
First, I used file driver and I had the same problem, and now I used the database.
Both file and database work on the local server but on the shared hosting they do not.
I tried all the solutions found on the forum but still I have the same problem.
I think the problem is at the session domain setting because when I change the value from null to other string on my local server, I have the same problem that I have encountered online.
Can you help me, please!
Thanks, Mirel
I fixed the problem. In my case the error because I have added a php closed tag ?> in the end of the included files. So removing this tag will bring the application back to normal behavior.
I’ve installed CakePHP into sub-directories and they seem to run fine! They all have different database.php configuration files and access different databases.
Example:
public_html/cakephp1/
public_html/cakephp2/
I access them separately using http://www.example.com/cakephp1/ and http://www.example.com/cakephp2/ and it all seems fine.
Problem occurs when I log into one of them (using CakePHP standard Auth/Session components), and I when I flip over to the other installation it also considers me as already logged in!
How do I prevent this? What’s the recommended solution? Will it help if I change the salt value in each installation?
EDIT:
Hi Martin, I've just tried the method of changing core.php to use "cake" session handling and specifying a cookie path. So now in each application i have different core.php files as such:
cakephp1's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp1'
)
));
cakephp2's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp2'
)
));
But still does not work and both installs seem to still share the same session. Where should I be looking to see if a cookie was actually created? I've checked the folder tmp/sessions under each /cakephp1 and /cakephp2 but that folder is always empty.
EDIT: Modifying AppController:
Martin, please help me suggest where else to look. I've followed ur code as follows:
Below is the code from my /demo/ installation (resides at public_html/demo/)
Can you tell me where I can find the cookie that is supposed to be created with your code?
If it is supposed to be at public_html/demo/app/tmp/sessions, I see nothing there even after logging in. There is also nothing under public_html/demo/ other than standard CakePHP folders.
This is from my AppController for the /demo/ installation which is accessed via http://www.example.com/demo/ as opposed to the other installation which is at http://www.example.com/tst/
public $components = array(
//'DebugKit.Toolbar',
'Cookie',
'Session',
'Auth'=>array(
//Stuff
)
}
public function beforeFilter() {
//Logic placed here will run before the action is run
parent::beforeFilter();
$this->Cookie->path = '/demo/';
}
The core.php is set as default which is:
Configure::write('Session', array(
'defaults' => 'php'
));
You’ll need to restrict cookies in each of your applications to their respective sub-directories. For example, in your AppController.php you can do this in a beforeFilter() action:
<?php
class AppController extends Controller {
public $components = array(
'Cookie',
);
public function beforeFilter() {
parent::beforeFilter();
$this->Cookie->path = '/cakephp1/';
}
}
See http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#controller-setup for more details.
I had similar issue.
Use below code for first cakephp application in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp1');
while in second cakephp application use the below code in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp2');
Finally fixed my problem.
I had a session_start() php commandsomewhere in my code which overwrote all the core.php config, and basically it restored the php.ini session management settings.
CakePHP Session being written to /tmp/ and not /app/tmp/sessions/
Although there are answers that talk about cookies but don't mention about using Cake's own session or PHP's session. So, I thought it'd be good to share a documented way of achieving this.
CakePHP (at least 2.x), by default uses php session settings from php.ini.
The setting can be found in /app/Config/core.php and well documented there:
Configure::write('Session', array(
'defaults' => 'php' // possible values: php, cake, database, cache
));
For apps with own cake installation directory, it is as simple as changing the above value to cake which tells the app to use app/tmp/sessions for saving session files. It is imperative to mention that a different cookie name for each installation may be needed:
Configure::write('Session', array(
'defaults' => 'cake'
'cookie' => 'myApp1' // something like 'myApp2' for other app
));
Cookbook has good documentation on all settings related to sessions.
I have a site developed with cakephp 2.3
I have a system of login and after some minutes (about 2) of inactivity the system logout me.
Into my core.php I have this line:
Configure::write('Session', array(
'defaults' => 'php',
'cookie' => 'my_app',
'timeout' => 4320
));
Configure::write('Security.level', 'medium');
I have tried many solution to set timeout, high level, checkUserAgent, nothing works after a few minutes logout me.
To test it I use Chrome
How can I solve it?
I have a CakePHP 2.x site I'm working on which performs as intended locally. Login works, session flash messages work, etc. When I push the code to my staging/prod server it's breaking.
Logins no longer work, no session flash messages appear, some controller actions that should be redirecting to /user/login are displaying nothing (empty document), etc.
I'm at a loss as to what the problem would be. Based on the issues I'm experiencing and some searching I've done I believe I've ruled out problems like whitespace after the closing ?> in a code-only PHP file (controllers). I'm using DB sessions, and I see session records being created in the DB on my local instance, but not on the remote staging/prod instance.
Any assistance would be much appreciated. Thanks.
In you app/Config/core.php check out these thing.
If you are using SSL and non-SSL based protocols, make sure you have cookie_secure set as false.
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_secure' => false
)
));
Try changing Session's configuration from php defaults to cake or db as
Configure::write('Session', array(
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Also try setting Session.checkAgent to false, just for once to ensure if it is a browser issue.
Try changing Session.name of your session, it defaults to 'CAKEPHP'
Configure::write('Session', array(
'name' => 'New-Session-name'
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Remove all cache files from all sub-directories of /app/tmp
Set debug level higher to 1, to do cache refresh. If you still don't see an error, try setting error_reporting to true in php.ini. (Although, this one is very obvious I am still pointing it out in case you might have missed it out)
Hope this helps
One of the recommendations I came across frequently was to ensure that there was no whitespace after the closing PHP tag in a code-only file (or preferably to not actually have a closing PHP tag). Checking all my files showed that to be the case. Somehow, however, I managed to put a single line break before the opening PHP tag in AppController.php and that was the issue. My apologies to anyone who wasted time on this. I just hope this helps someone in the future who clumsily makes the same mistake.
I'm having a strange issue with sessions on cakephp 2.2.3... my sessions are not starting on the webserver. I tried to use this code on a controller:
<?php
if ($this->Session->write('Test', 'hi')){
echo $this->Session->read('Test');
}
else{
echo 'bye';
}
and the output was bye on webserver, and hi on localhost.
So, I checked further, and found that the method CakeSession::start() is always returning false. This started to happens today, and i couldn't realize what may be causing this...
my session configuration on core.php is
Configure::write('Session', array(
'defaults' => 'database',
'checkAgent' => true,
'timeout' => 31104000,
'cookie' => 'vejomun'
));
When setting debug to 2, I receive a lot of warnings like this:
Warning (2): ini_set() has been disabled for security reasons [CORE/Cake/Model/Datasource/CakeSession.php, line 484]
but it has always been like this, and the sessions was ok untill yesterday...
thanks in advance, and sorry for bad english.
EDIT:
if anyone has the same problem, it was just an blank line at the begin of the html.
at the top of page write
session_start();
if you write this line then and then php will compatible with session