Session not starting on Cakephp 2.2.3 - session

I'm having a strange issue with sessions on cakephp 2.2.3... my sessions are not starting on the webserver. I tried to use this code on a controller:
<?php
if ($this->Session->write('Test', 'hi')){
echo $this->Session->read('Test');
}
else{
echo 'bye';
}
and the output was bye on webserver, and hi on localhost.
So, I checked further, and found that the method CakeSession::start() is always returning false. This started to happens today, and i couldn't realize what may be causing this...
my session configuration on core.php is
Configure::write('Session', array(
'defaults' => 'database',
'checkAgent' => true,
'timeout' => 31104000,
'cookie' => 'vejomun'
));
When setting debug to 2, I receive a lot of warnings like this:
Warning (2): ini_set() has been disabled for security reasons [CORE/Cake/Model/Datasource/CakeSession.php, line 484]
but it has always been like this, and the sessions was ok untill yesterday...
thanks in advance, and sorry for bad english.
EDIT:
if anyone has the same problem, it was just an blank line at the begin of the html.

at the top of page write
session_start();
if you write this line then and then php will compatible with session

Related

cakephp session timeout not working

I have cakephp site, I was having problem that was after being idle for about >= 1 hour it gets log-out automatically
so I googled to extend timeout for that I wrote the following in core.php
Configure::write('Session', array(
'defaults' => 'php',
'timeout' => 28800, // 8 hours.
)
);
I want to keep a logged in user logged-in even after being idle for less than 8hours
but this is not working
how can I sort out this?
According to CakePHP manual, the unit of Session.timeout option is "minute", so 8 hours should be 60*8=480
Regarding the setting not work, I think maybe you could try to clean the cakePHP cache files / restart web server or change the debug level to 2 for troubleshooting?
CakePHP 2.0 manual sessions
May be you are using CakePHP 3, that is why you are facing this issue. Session timeout does not work in CakePHP 3, You might use cookie_lifetime, please check https://github.com/cakephp/cakephp/issues/5664
I had the same problem in CakePHP 1.3
The problem was that CakePHP was using the settings defined in php.ini instead of the one I was defining in core.php
So I had to change in core.php:
Configure::write('Session.save', 'php');
to
Configure::write('Session.save', 'cake');
And it worked like a charm!

CakePHP: multiple installations on single domain; login session sharing issue

I’ve installed CakePHP into sub-directories and they seem to run fine! They all have different database.php configuration files and access different databases.
Example:
public_html/cakephp1/
public_html/cakephp2/
I access them separately using http://www.example.com/cakephp1/ and http://www.example.com/cakephp2/ and it all seems fine.
Problem occurs when I log into one of them (using CakePHP standard Auth/Session components), and I when I flip over to the other installation it also considers me as already logged in!
How do I prevent this? What’s the recommended solution? Will it help if I change the salt value in each installation?
EDIT:
Hi Martin, I've just tried the method of changing core.php to use "cake" session handling and specifying a cookie path. So now in each application i have different core.php files as such:
cakephp1's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp1'
)
));
cakephp2's core.php
Configure::write('Session', array(
'defaults' => 'cake',
'ini' => array(
'session.cookie_path' => '/cakephp2'
)
));
But still does not work and both installs seem to still share the same session. Where should I be looking to see if a cookie was actually created? I've checked the folder tmp/sessions under each /cakephp1 and /cakephp2 but that folder is always empty.
EDIT: Modifying AppController:
Martin, please help me suggest where else to look. I've followed ur code as follows:
Below is the code from my /demo/ installation (resides at public_html/demo/)
Can you tell me where I can find the cookie that is supposed to be created with your code?
If it is supposed to be at public_html/demo/app/tmp/sessions, I see nothing there even after logging in. There is also nothing under public_html/demo/ other than standard CakePHP folders.
This is from my AppController for the /demo/ installation which is accessed via http://www.example.com/demo/ as opposed to the other installation which is at http://www.example.com/tst/
public $components = array(
//'DebugKit.Toolbar',
'Cookie',
'Session',
'Auth'=>array(
//Stuff
)
}
public function beforeFilter() {
//Logic placed here will run before the action is run
parent::beforeFilter();
$this->Cookie->path = '/demo/';
}
The core.php is set as default which is:
Configure::write('Session', array(
'defaults' => 'php'
));
You’ll need to restrict cookies in each of your applications to their respective sub-directories. For example, in your AppController.php you can do this in a beforeFilter() action:
<?php
class AppController extends Controller {
public $components = array(
'Cookie',
);
public function beforeFilter() {
parent::beforeFilter();
$this->Cookie->path = '/cakephp1/';
}
}
See http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#controller-setup for more details.
I had similar issue.
Use below code for first cakephp application in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp1');
while in second cakephp application use the below code in core.php / bootstrap.php
Configure::write('Security.cookie', 'cakephp2');
Finally fixed my problem.
I had a session_start() php commandsomewhere in my code which overwrote all the core.php config, and basically it restored the php.ini session management settings.
CakePHP Session being written to /tmp/ and not /app/tmp/sessions/
Although there are answers that talk about cookies but don't mention about using Cake's own session or PHP's session. So, I thought it'd be good to share a documented way of achieving this.
CakePHP (at least 2.x), by default uses php session settings from php.ini.
The setting can be found in /app/Config/core.php and well documented there:
Configure::write('Session', array(
'defaults' => 'php' // possible values: php, cake, database, cache
));
For apps with own cake installation directory, it is as simple as changing the above value to cake which tells the app to use app/tmp/sessions for saving session files. It is imperative to mention that a different cookie name for each installation may be needed:
Configure::write('Session', array(
'defaults' => 'cake'
'cookie' => 'myApp1' // something like 'myApp2' for other app
));
Cookbook has good documentation on all settings related to sessions.

Laravel 4.1 session variables getting randomly forgotten

I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.
The relevant settings:
app/config/session.php:
<?php
return array(
'driver' => 'file',
'lifetime' => 120,
'expire_on_close' => true,
'files' => storage_path().'/sessions',
'connection' => null,
'table' => 'sessions',
'lottery' => array(2, 100),
'cookie' => 'laravel_session',
'path' => '/',
'domain' => null,
'secure' => false,
);
using Laravel's default authentication driver
php.ini:
gc_maxlifetime=1440
gc_probability=1
gc_divisor=100
This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by php. Just a few of the session variables are getting dropped randomly.
I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:
a:4:{
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}
and after:
a:3:{
s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}
The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.
I also noticed that the _token variable is constant between requests until the moment when the issue arises at which point it changes, as you can see above.
Any idea what's going on here?
Switching to the database session manager seems to have solved the problem. I suspect that there was some way on my host server configuration that php was wiping out the session files.

CakePHP 2.x sessions behaving inconsistently between local dev and production

I have a CakePHP 2.x site I'm working on which performs as intended locally. Login works, session flash messages work, etc. When I push the code to my staging/prod server it's breaking.
Logins no longer work, no session flash messages appear, some controller actions that should be redirecting to /user/login are displaying nothing (empty document), etc.
I'm at a loss as to what the problem would be. Based on the issues I'm experiencing and some searching I've done I believe I've ruled out problems like whitespace after the closing ?> in a code-only PHP file (controllers). I'm using DB sessions, and I see session records being created in the DB on my local instance, but not on the remote staging/prod instance.
Any assistance would be much appreciated. Thanks.
In you app/Config/core.php check out these thing.
If you are using SSL and non-SSL based protocols, make sure you have cookie_secure set as false.
Configure::write('Session', array(
'defaults' => 'php',
'ini' => array(
'session.cookie_secure' => false
)
));
Try changing Session's configuration from php defaults to cake or db as
Configure::write('Session', array(
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Also try setting Session.checkAgent to false, just for once to ensure if it is a browser issue.
Try changing Session.name of your session, it defaults to 'CAKEPHP'
Configure::write('Session', array(
'name' => 'New-Session-name'
'defaults' => 'php', // change 'php' to 'cake' or 'database'
'cookie' => 'my_app',
'timeout' => 4320 //3 days
));
Remove all cache files from all sub-directories of /app/tmp
Set debug level higher to 1, to do cache refresh. If you still don't see an error, try setting error_reporting to true in php.ini. (Although, this one is very obvious I am still pointing it out in case you might have missed it out)
Hope this helps
One of the recommendations I came across frequently was to ensure that there was no whitespace after the closing PHP tag in a code-only file (or preferably to not actually have a closing PHP tag). Checking all my files showed that to be the case. Somehow, however, I managed to put a single line break before the opening PHP tag in AppController.php and that was the issue. My apologies to anyone who wasted time on this. I just hope this helps someone in the future who clumsily makes the same mistake.

cakephp 2.0 upgrade shell redirect() faulty?

I am upgrading an application from cakephp 1.3 to 2.0 and running into some problems. I can't quite figure out what is going on behind the scenes with my redirect statements. This has been happening since I ran the upgrade shell.
If I put this in my controller the redirect works perfectly:
function redirect() {
$this->redirect(array('controller' => 'user', 'action' => 'partners'));
}
This, however, does not work for me:
function redirect2() {
echo 'made it';
$this->redirect(array('controller' => 'user', 'action' => 'partners'));
}
This isn't a function I am using, it is just the simplest form of the problem I have isolated.
I know I shouldn't be displaying things from the controller, but my question is what is going on behind the scenes that is causing the redirect to not function? The result for the redirect2() is it prints "made it" on the screen and then stops. No errors, no redirects, no showing the view for redirect2. I have checked the error logs and there are no errors.
The confusing thing is that when I was using 1.3 all my redirects worked fine, and now something isn't working with some of them.
Thanks for any help,
you are not allowed to echo anything except for http headers prior to a php redirect.

Resources