Session not carrying through on redirect in CakePHP 1.2

0
votes

I have a CakePHP 1.2 build that I just upgraded from 1.1. Unfortunately, session is not working correctly.

I have spent hours on other threads on stackoverflow, tried solutions offered, and so far, nothing has worked.

When a user logs in at: accounts/login, I set the session in accounts_controller.php like this.

$this->Session->write('Account', $someone['Account']);

print_r($this->Session->read());

$this->redirect("/accounts/profile");
exit;

The session is for sure being saved, as the read shows all the correct session information. As soon as it redirects to /profile, however, everything is gone.

   function profile() {
     print_r($this->Session->Read());

The output of this is:

Array ( [Config] => Array ( [userAgent] => [time] => 1376738563 [timeout] => 10 ) )

I have set the cake security level to low in core, and it still doesn't work.

Configure::write('Security.level', 'low');

My problem is essentially identical to this one: Cakephp session is destroyed after redirect

But I know for SURE my session is being saved (I opened the session file on the harddisk to verify). And there were no other solutions given to that issue.

I also found this thread very helpful, but the solutions given there haven't worked for me either: cakephp lost session variable when redirect

I am not very skilled with php.ini settings. It is possible that I missed something very simple, but I'm about to pull out my hair. Can you give me a clue on what I might be missing?

I'd be happy to post my php.ini file and core.php cake file if anyone would find that helpful.

Here are the pertinent core settings:

Configure::write('Session.save', 'cake'); //I have tried 'php' also
Configure::write('Session.cookie', 'CAKEPHP');
Configure::write('Session.timeout', '120');
Configure::write('Session.start', true);
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'low');

I added these below after reading this thread: cakephp lost session variable when redirect It didn't work before or after. :)

 Configure::write('Security.cookie', 'cakephpfdebackend');
 Configure::write('Session.cookieTimeout', 10000);
 Configure::write('Session.cookie_secure',false);
 Configure::write('Session.referer_check' ,false);
 Configure::write('Session.defaults', 'php');

Cookies are enabled on my browser, and I've tried both firefox and chrome. I am working on localhost right now, so I have full access to all files. Please ask any question necessary - I'm desperate.

EDIT: I was able to push my site up to a live server where I knew everything worked for other sites on that server. And my site works on that server just fine. This verifies that the problem is with the settings on my computer/apache/php.

1
sessioncakephpredirect
For a starter, check the value of $this->Session->id() before and after the redirect, it might narrow down the possible causes depending on whether they match or not (they should match on Security.Level = low). And is there anything in $this->Session->errors? Also have you checked whether the cookie is actually stored and sent? On a side note, you should step over 1.2 and upgrade to at least 1.3 - ndm
2013-08-17 10:38:05 Debug: cab9q09rbpkft8r2ngjll3qdt3 2013-08-17 10:38:06 Debug: l0iibb23201b47b2pq6ervj1i4 2013-08-17 10:38:06 Debug: First line is the ID BEFORE the redirect. Second line is the ID AFTER the redirect. (Not the same). Third line is the output from $this->Session->errors. (blank) I'm not very familiar with cookies, how would I check to be sure it was stored and sent? Also, see my edit above - it works on the live server. @ndm - dwlorimer
To view cookies, in Firefox: Right Click > View Page Info > Security > View Cookies. To check whether they are sent (and received): Firefox Button or Tools > Web Developer > Web Console > Console reload the page, click on the appropriate list entry that matches your request, and in the popup see Sent Cookie/Received Cookie. - ndm
@ndm Hmm, I think you've found the issue. Firefox does not list any stored cookies for the site in the page information. It states that this website is not storing any cookies on my computer. (Whereas, the online site says it is, as expected). The console does list cookies received. Different hash every page load - here is one of them: Received Cookie CAKEPHP:plpc92af1a82javhgba5667hj1 I don't see a "Sent Cookie" anywhere. I appreciate your help very much. What do I need to change to get my localhost version to set the cookies? - dwlorimer
I really can't tell, it's not like there is just one switch that would needs to be turned on... the only cause for the cookies not being sent that comes to my mind right now, is that they are expired, or that path or domain are wrong. Check session_get_cookie_params() to make sure the correct values are configured. - ndm

1 Answers

2
votes

OK, let me post this as a slightly reworded answer too.

As figured, such problems are usually cookie related, so the first thing to do should be checking whether the cookies are actually being received, set, and sent back to the server.

Checking whether cookies are being set is possible out-of-the-box with most browsers, in Firefox they can be found in the Page Info dialog (Page Info > Security > Privacy & History > View Cookies), in Chrome they hide in the Advanced Content Settings (Settings > Show Advanced Settings > Privacy > Content Settings > All Cookies And Site Data), in IE they are available via the developer tools (Cache > View Cookie Information).

Checking whether cookies are received and sent can be done with the developer tools of most browsers, in Firefox it can be inspected in the Console as well as the Network tab (Firefox Button or Tools > Web Developer > Web Console > Console/Network), in Chrome it can be found in the Network tab (F12 > Network), just like in IE (F12 > Network > Cookies).

Cookies that are not being sent, as we figured is the problem in your case, are most likely caused by wrong domain and/or path values, the cookies being defined for secure connections only, or the cookies may be simply expired. Checking whether the PHP session cookie settings are configured correctly can be done with session_get_cookie_params(), this will show the values for the lifetime, path, domain, secure and httponly settings, where the problem is most likely to be found.

Of course there might also be browser settings, extensions, etc causing the problem, so it's always good to test with a fresh default browser profile (in case the browser supports that).