Baz,
Your steps above are what I see in my testing as well.I also noticed
that when my session times out, auth.redirect was always set in the
new session I'd see when hitting step #4. So I did this in my Users-
>login method:
function login() {
$this->disableCache();
if ($this->Auth->user()) {
//if the redirect was due to a failed /admin* page,
then set
redirect to login page
if (stristr($this->Session->read('Auth.redirect'),
'admin') ===
TRUE) {
$this->Session->write('Auth.redirect',
'/users/login');
}
//set some stuff for my app then...
$this->redirect($this->Auth->redirect());
} else {
if ($this->Session->check('Auth.redirect')) {
if (!($this->Session->check('Message.flash') ||
$this->Session-
>check('Message.auth'))){
$this->Session->setFlash(__('Your
session has timed out. Please
log in again.', true));
}
}
}
}
It seems to handle the case I started this thread with. I'm fairly
new, so it may not be elegant or ideal. I'm learning on the go here,
so any comments given are helpful.
--Jeremy
On Feb 20, 7:35 pm, Baz <[EMAIL PROTECTED]> wrote:
> OK,
>
> I've confirmed it with $this->Session->valid(). The problem is the redirects
> to the login page. Let me explain:
>
> 1. We're logged in. This creates a session.
> 2. Session expires.
> 3. We try to access somewhere else, we jump into beforeFilter(), where
> Session is invalid.
> 4. We are then redirected to the login page, back into beforeFilter(),
> this time with a fresh new session and no flash messages.
>
> You can test with this dirt simple example:
>
> 1. Set sessions in core to expire quickly (for testing) 10 seconds.
> 2. Try to access restricted area (eg. Pages). You enter the
> beforeFilter() for the pages controller, with a new session. Then forwarded
> to the Users controller on the same session. Everything is fine. Flash
> Displays.
> 3. Let session expire.
> 4. Point browser to restricted area (not using the back button).
> Session is expired so, flash msg. not written properly.
> 5. Redirected to Users controller for login on fresh session with no
> flash.
>
> Any ideas?
>
> On Wed, Feb 20, 2008 at 5:20 PM, Baz <[EMAIL PROTECTED]> wrote:
> > They wanted something slightly different in that ticket. And I believe the
> > functionality they wanted is already in $this->Session->valid()...
>
> > I *think* my problem is that beforeFilter() is run twice: once with the
> > invalid session, then another time for another redirect, with a new Session.
> > So when the new session starts, I have no information about the old session.
> > All the flash messages that have been set, get reset....
>
> > I think...
>
> > On Wed, Feb 20, 2008 at 2:19 PM, lemp <[EMAIL PROTECTED]> wrote:
>
> > > A ticket was opened a few months ago and was set to "wontfix".
>
> > >https://trac.cakephp.org/ticket/3404
>
> > > But I do agree this is quite annoying.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
