If you use the CakePHP framework to build an application and use the Auth component for authentication, you might face a few cookie-related problems. One is that if you close the browser without logging out, the session does not expire; that is, the browser keeps the cookie forever and you are never logged out. This is a very serious issue.

You may set your security level to high to solve this issue, but this causes the session ID to be regenerated on every request. That makes it very easy to lose your legitimate session, and it is excessive and costly; we don't need that. So I was searching for an easy and cheap solution to this issue, but there are very few resources related to this problem. Later I found a nice solution on the CakePHP site, which is:
Set the security level to medium rather than high in core.php.
Define a custom session handling method rather than database or php. To do this, find the following line in core.php
Update the above line to
Now that you have specified your custom session handling preference, create the custom session handling file with the following contents:
<?php
// app/config/my_session_handler.php
//
// Revert value and get rid of the referrer check even when
// Security.level is medium
ini_restore('session.referer_check');
ini_set('session.use_trans_sid', 0);
ini_set('session.name', Configure::read('Session.cookie'));
// Cookie is now destroyed when browser is closed, doesn't
// persist for days as it does by default for security
// low and medium
ini_set('session.cookie_lifetime', 0);
// Cookie path is now '/' even if your app is within a sub
// directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);
// Session cookie now persists across all subdomains
ini_set('session.cookie_domain', env('HTTP_BASE'));
Hopefully this configuration will work for you; tweak it as needed.
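To confirm the handler took effect, inspect the Set-Cookie header the application returns after login. The following Python check is an added example, not part of the original post or of CakePHP; the cookie name CAKEPHP and the domain example.com are assumed sample values.

```python
# Added example, not from the original post. Cookie name and domain are
# constructed sample values.

def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_session_cookie(header, session_name, base_domain):
    """Return findings for one Set-Cookie header; [] means it matches."""
    name, attrs = parse_set_cookie(header)
    if name != session_name:
        return ["not-session-cookie"]
    findings = []
    # session.cookie_lifetime = 0: PHP sends neither Expires nor Max-Age,
    # so the browser drops the cookie when it is closed.
    for attr in ("expires", "max-age"):
        if attr in attrs:
            findings.append("persistent:" + attr)
    # session.cookie_path = '/'
    if attrs.get("path") != "/":
        findings.append("path:" + attrs.get("path", "<unset>"))
    # session.cookie_domain: compare without the leading dot and case.
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain != base_domain.lstrip(".").lower():
        findings.append("domain:" + (domain or "<unset>"))
    return findings


# Constructed sample headers (not captured from a real site).
GOOD = "CAKEPHP=k3q9v1; path=/; domain=.example.com"
BAD = ("CAKEPHP=k3q9v1; expires=Tue, 14-Jan-2025 10:00:00 GMT; "
       "Max-Age=864000; path=/app")

if __name__ == "__main__":
    for header in (GOOD, BAD):
        print(audit_session_cookie(header, "CAKEPHP", ".example.com"))
```

A domain finding is also the place to check that the cookie is shared only with the subdomains you intend, since the handler above scopes it to the whole base domain.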