Why does the CakePHP Authorization Componentent automatically logout when opening two sites in parallel?
https://stackoverflow.com/questions/418329
-
03-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a problem within my CakePHP application: I use the Authorization Component for the login/logout mechanisms. Unfortunately users are logged out automatically when they try to open two or more php pages at the same moment. Thats happening very often because we tend to use the middle mouse button to open many tabs in short intervals.
Has anybody an idea? Could it be CakePHP or is there a php setting for allowing useres to make multiple requests at the same time?
georg
Solution
Because of session_regenerate_id(). For every page you open, you get a new session_id. This prevent session hijacking (which is uncommon but possible). Turn your security level in config.php down to medium to prevent this.
OTHER TIPS
you might also have two sites with the same seed look in your config.php and see if you have unique values in
Configure::write('Session.cookie', 'I_like_to_make_this_unique');
Configure::write('Security.salt', 'this_should_be_unique');
might help
