CakePHP cookie doesn’t expire even after browser close?

If you build an application with the CakePHP framework and use the Auth component for authentication, you may face a few cookie-related problems. One is that if you close the browser without logging out, the cookie doesn’t expire: the browser keeps it indefinitely and you are never logged out. This is a very serious issue. You can raise the security level to high to solve it, but that causes the session ID to be regenerated on every request. This makes it very easy to lose your legitimate session, and it is excessive and costly; we don’t need that. So I searched for an easy and cheap solution, but there are very few resources on this problem. Later I found a nice solution on the CakePHP site:

Set the security level to medium rather than high in core.php

Configure::write('Security.level', 'medium');

Define a custom session handler rather than using database or php. To do this, find the following line in core.php

Configure::write('Session.save', 'php');

Update the above line to

Configure::write('Session.save', 'my_session_handler');

Now that you have specified your custom session handling preference, create the custom session handler file with the following contents:

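<?php
// app/config/my_session_handler.php
// Revert value and get rid of the referrer check even when,
// Security.level is medium
ini_restore('session.referer_check');

ini_set('session.use_trans_sid', 0);
// Name the session cookie after the Session.cookie setting in core.php
ini_set('session.name', Configure::read('Session.cookie'));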

// Cookie is now destroyed when browser is closed, doesn't 
// persist for days as it does by default for security
// low and medium
ini_set('session.cookie_lifetime', 0);

// Cookie path is now '/' even if your app is within a sub 
// directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);

// Session cookie is now sent to all subdomains of the base domain
ini_set('session.cookie_domain', env('HTTP_BASE'));

Hopefully this configuration will work for you; tweak it as needed.
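
To confirm the handler took effect, inspect the Set-Cookie header the application sends after login. The script below is an added example, not code from the CakePHP site or from this post; the header strings are constructed samples, `CAKEPHP` is assumed as the `Session.cookie` name, and `.example.com` is a placeholder domain.

```php
<?php
// Added example: check a Set-Cookie header for the three properties the
// custom handler controls (lifetime, path, domain).

// Split one Set-Cookie value into name, value and lower-cased attributes.
function parse_set_cookie($header)
{
    $parts = array_map('trim', explode(';', $header));
    $pair = explode('=', array_shift($parts), 2);
    $cookie = array('name' => $pair[0], 'attrs' => array());
    $cookie['value'] = isset($pair[1]) ? $pair[1] : '';
    foreach ($parts as $part) {
        if ($part === '') {
            continue; // tolerate a trailing ';'
        }
        $kv = explode('=', $part, 2);
        $key = strtolower(trim($kv[0]));
        $cookie['attrs'][$key] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    return $cookie;
}

// Report whether the cookie carries an expiry and how widely it is scoped.
function audit_session_cookie($header)
{
    $cookie = parse_set_cookie($header);
    $attrs = $cookie['attrs'];
    // With neither Expires nor Max-Age the browser treats the cookie as a
    // session cookie, which is what session.cookie_lifetime = 0 produces.
    $hasExpiry = isset($attrs['expires']) || isset($attrs['max-age']);
    return array(
        'name' => $cookie['name'],
        'has_expiry' => $hasExpiry,
        'path' => isset($attrs['path']) ? $attrs['path'] : '(default: request directory)',
        'domain' => isset($attrs['domain']) ? $attrs['domain'] : '(host only)',
    );
}

// Constructed samples: a persistent cookie, then one shaped like the handler's output.
$samples = array(
    'before' => 'CAKEPHP=abc123; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/myapp',
    'after' => 'CAKEPHP=abc123; path=/; domain=.example.com',
);
foreach ($samples as $label => $header) {
    $r = audit_session_cookie($header);
    printf("%-6s %s has_expiry=%s path=%s domain=%s\n", $label, $r['name'],
        $r['has_expiry'] ? 'yes' : 'no', $r['path'], $r['domain']);
}
```

Replace the sample strings with the Set-Cookie value from your own application's response; `has_expiry=no` means the browser will treat it as a session cookie.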

CakePHP, Auth and Empty Password Problem

The Auth component is an excellent one that I love in CakePHP for authentication, but I faced one problem with it: the empty password problem. That is, when adding a new user, it accepts an empty password if we use the password field. Model validation doesn’t work for the password field if we put no value in it, because the Auth component creates a hashed password from the empty value after the form submission, so it passes model validation easily. I solved it another way; here it is.