CakePHP cookie doesn’t expire even after browser close?

If you built an application with the CakePHP framework and use the Auth component for authentication, you might face a few cookie-related problems. One is that if you close the browser without logging out, the cookie doesn’t expire: the browser keeps the cookie forever and you are never logged out. This is a very serious issue. You can raise the security level to high to solve it, but this causes the session ID to be regenerated on every request. That makes it very easy to lose your legitimate session, and it is excessive and costly; we don’t need that. So I was searching for an easy and cheap solution to this issue, but there are very few resources related to this problem. Later I found a nice solution on the CakePHP site:

Set the security level to medium rather than high in core.php:

Configure::write('Security.level', 'medium');

Define a custom session handling method rather than database or php. To do this, find the following line in core.php:

Configure::write('Session.save', 'php');

Update the above line to:

Configure::write('Session.save', 'my_session_handler');

Now that you have specified your custom session handling preference, create the custom session handling file with the following contents:

<?php
// app/config/my_session_handler.php
//
// Revert the value and get rid of the referrer check, even when
// Security.level is medium
ini_restore('session.referer_check');

// Never pass the session ID in URLs; use the configured cookie name
ini_set('session.use_trans_sid', 0);
ini_set('session.name', Configure::read('Session.cookie'));

// Cookie is now destroyed when the browser is closed; it doesn't
// persist for days as it does by default for security
// levels low and medium
ini_set('session.cookie_lifetime', 0);

// Cookie path is now '/' even if your app is within a
// subdirectory on the domain.
// $this is the CakeSession object, which includes this file.
$this->path = '/';
ini_set('session.cookie_path', $this->path);

// Session cookie now persists across all subdomains
ini_set('session.cookie_domain', env('HTTP_BASE'));

Hopefully this configuration will be OK; tweak it as needed.
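To confirm what the handler actually changed, inspect the Set-Cookie header the application sends. The script below is an added example, not code from the CakePHP site or the original post: `audit_session_cookie()` is a hypothetical helper, the header strings are constructed samples, and the cookie name `CAKEPHP` and domain `.example.com` are assumptions.

```php
<?php
// Added example: audits a Set-Cookie header value for the properties the
// session handler above changes. Header strings below are constructed.
function audit_session_cookie($header, $expectedName)
{
    $parts = array_map('trim', explode(';', $header));
    $pair  = explode('=', array_shift($parts), 2);
    $attrs = array();
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }

    $findings = array();
    if ($pair[0] !== $expectedName) {
        $findings[] = "name is '{$pair[0]}', expected '$expectedName'";
    }
    // session.cookie_lifetime = 0 makes PHP omit Expires and Max-Age
    if (isset($attrs['expires']) || isset($attrs['max-age'])) {
        $findings[] = 'persistent cookie: survives a browser close';
    }
    // A Domain attribute widens delivery to all subdomains
    if (isset($attrs['domain'])) {
        $findings[] = "Domain={$attrs['domain']}: sent to every subdomain";
    }
    if (isset($attrs['path']) && $attrs['path'] === '/') {
        $findings[] = 'Path=/: sent to every application on the host';
    }
    foreach (array('httponly', 'secure') as $flag) {
        if (!isset($attrs[$flag])) {
            $findings[] = "$flag flag missing";
        }
    }
    return $findings;
}

// Constructed samples: default medium-level cookie vs. the handler's cookie
$samples = array(
    'before' => 'CAKEPHP=abc123; expires=Tue, 01-Jan-2030 00:00:00 GMT; path=/app',
    'after'  => 'CAKEPHP=abc123; path=/; domain=.example.com',
);
foreach ($samples as $label => $header) {
    echo $label, ":\n";
    foreach (audit_session_cookie($header, 'CAKEPHP') as $finding) {
        echo "  - ", $finding, "\n";
    }
}
```

The "after" sample no longer reports a persistent cookie, but it does report the wider Domain and Path scope that the handler introduces. Browsers configured to restore the previous session on startup can keep session cookies across a restart, so a server-side session timeout is still needed.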


Email Address Encoder – CodeIgniter Helper, Stop Email Address harvesting!

Spiders and email address hunters are hungry to get your email address from websites. You can buy such software or a web scraper that collects email addresses for Internet marketing, spamming, etc. too if you wish ;). But you can keep those crawlers from collecting email addresses from your business directory or site if you encode the email address or make an image of it. I’ve built a CodeIgniter helper to encode your email address easily. You can use those functions in other frameworks; no copyright, just copy and paste it :p