I'm having almost the identical problem as here. Unfortunately this question provides no solutions. I'm using strictly HTTPS and still have the problem. I've tried all I can think of: Session.checkAgent=false, Session.cookieTimeout=0, Security.level=low, etc. I cannot re-produce the problem in any way, however, a small portion of our customers are complaining that their session is being lost. I don't know any way to debug and/or determine how/where the session is being destroyed. I don't know what else to do, can anyone help? I'm using CakePHP 2.4.5 and can upgrade to 2.5.5, but would like to determine what the issue is so I can have peace of mind that it has been fixed.
Asked
Active
Viewed 375 times
0
-
Is the web server configured properly to read/write session files? Have you tried storing the session data in a MySQL database instead of files? – SameOldNick Nov 03 '14 at 03:55
-
tell them to enable cookie in their browser, Cookie must be enabled to use the session – Abhishek Nov 03 '14 at 04:27
-
Sessions are being written properly to the server and the end users have cookies enabled. – user3287495 Nov 03 '14 at 15:02
1 Answers
0
This may help
Configure::write('Session.referer_check' ,false);
But before putting that into production, you should know how it may affect your security.
The only real way to fix this is if you can reproduce it.
Chuck Burgess
- 11,600
- 5
- 41
- 74
-
I cannot find any documentation on Session.referer_check. Where would I find that? My understanding is Session.checkAgent is supposed to do essentially what is inferred here: check the referer user agent and allow/deny accordingly. – user3287495 Nov 03 '14 at 23:24