Auth timeout problems with CakePHP
This is really bugging me. Has been for years. No matter what I do with core.php or php.ini, my logins time out after about an hour – usually. Some deployments of identical code and configuration time out after a respectable amount of time.
This is what I have at the moment on one site – timed out after about an hour:
```
session.gc_divisor 1000
session.gc_maxlifetime 86400
session.gc_probability 1

Configure::write('Session.timeout', '28800');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');
```
And another – lasted all night:
```
session.gc_divisor 100
session.gc_maxlifetime 14400
session.gc_probability 0

Configure::write('Session.timeout', '315360000');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');
```
Now, before you get excited and say, “Well, the answer is there in the Session.timeout value”, let me tell you that this site usually times out after about twenty minutes!
Somewhere I read that on shared hosting, other applications can reset the session by clearing the php-defined session directory. This was alluded to by Rowlf in his answer.
CakePHP offers the option to configure the way sessions are handled. In core.php I changed this to 'cake' (by default it is

```php
/**
 * The preferred session handling method. Valid values:
 *
 * 'php'      Uses settings defined in your php.ini.
 * 'cake'     Saves session files in CakePHP's /tmp directory.
 * 'database' Uses CakePHP's database sessions.
 */
Configure::write('Session.save', 'cake');
```
I also ensured that the session timeout and the corresponding php.ini values are the same:
```php
/**
 * Session time out time (in seconds).
 * Actual value depends on 'Security.level' setting.
 */
Configure::write('Session.timeout', '86400');
```
So far, the system hasn’t logged out.
I don’t think this is a Cake-specific thing; I’ve seen it when no frameworks were involved – it’s most likely an issue with your PHP config settings.
Things you should check/do to fix the issue:
- Specify a dedicated path to store sessions in session.save_path if you don’t already do so. Don’t store them in /tmp – some other process may come along and wipe them.
- Make sure (and I mean really sure) that the value of session.gc_maxlifetime is what you think it is (86400 if you want your logins to time out after 24 hrs of inactivity, etc.). Same with session.gc_probability. Even though the PHP Manual specifies that session settings can be set on any level, depending on the dodginess of your PHP build (they’re all slightly buggy in their subtle ways :)) you may find they don’t actually take effect unless set in the global php.ini file as opposed to in the code, .htaccess, etc. Just output them in your actual app to be sure they are applied.
- Also, depending on your environment, check if the PHP CLI build is using the same php.ini file as the default PHP build – if the CLI build is using another config file and you have cron jobs using the CLI build, the cron job scripts could be invoking the session cleanup procedure.
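A small script for the check recommended above, printing the session settings PHP actually applies and which php.ini it loaded. It is an added example, not part of the original answer; EXPECTED_LIFETIME and the helper name session_report are assumptions made for illustration.

```php
<?php
// Added diagnostic, not code from the answers above. Run it once through the
// web server and once with the CLI binary, then compare the two outputs.

// Assumption: the idle timeout you expect, in seconds (24 hours here).
const EXPECTED_LIFETIME = 86400;

// Hypothetical helper: collects the effective session settings for this SAPI.
function session_report(int $expected): array
{
    $life = (int) ini_get('session.gc_maxlifetime');
    $prob = (int) ini_get('session.gc_probability');
    $div  = (int) ini_get('session.gc_divisor');

    // save_path may be "N;/path" or "N;MODE;/path"; keep only the directory.
    $raw = (string) ini_get('session.save_path');
    $pos = strrpos($raw, ';');
    $dir = $raw === '' ? sys_get_temp_dir() : substr($raw, $pos === false ? 0 : $pos + 1);
    $real = realpath($dir) ?: $dir;

    $notes = [];
    if ($life < $expected) {
        $notes[] = "gc_maxlifetime is $life, expected at least $expected";
    }
    if (in_array($real, ['/tmp', '/var/tmp', realpath(sys_get_temp_dir())], true)) {
        $notes[] = "save_path $real is a shared temp directory";
    }
    if ($prob === 0) {
        $notes[] = 'gc_probability is 0: this SAPI never starts session GC itself';
    }

    return [
        'sapi'           => PHP_SAPI,
        'php.ini'        => php_ini_loaded_file() ?: '(none)',
        'save_handler'   => ini_get('session.save_handler'),
        'save_path'      => $real,
        'gc_maxlifetime' => $life,
        'gc_chance'      => $div > 0 ? "$prob/$div per session start" : 'n/a',
        'notes'          => $notes,
    ];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
foreach (session_report(EXPECTED_LIFETIME) as $key => $value) {
    echo str_pad($key, 16), implode("\n" . str_repeat(' ', 16), (array) $value), "\n";
}
```

Remove the script from the web root once you have the output, since it discloses server configuration.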
If you have many CakePHP apps on the same server, this can be the cause of your troubles. Don’t forget to:
- Prefix each app differently ($prefix on core.php).
- Change the name of each cookie path:

```php
Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => 4320,
    'ini' => array(
        'session.cookie_path' => '/name_app', // this for each app
    )
));
```