CakePHP session lost when using Applets or Flash
Recently I have been developing a website on my dev machine using the CakePHP framework. During this I ran into a problem where I could log a user in, view a Pulpcore applet and then be logged out right after viewing it.
After doing a bit of searching on the net I found the cause and the solution.
The cause:
My Pulpcore applet was trying to request a CakePHP action from the web server to get and set the highscores.
CakePHP would check the HTTP_USER_AGENT and compare it to the one used to create the session.
When it found that they differed it would kill the session thinking it was preventing a session hijack attempt.
A solution:
In config/core.php, set the following lines:
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');
This will stop CakePHP from regenerating a session on every request and stop CakePHP from checking the user agent.
After that my Pulpcore applets were able to request actions as the logged in user fine and keep the session alive.
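The failure described above can be reproduced with a small model of a user-agent-bound session check. This is an added example, not CakePHP's own code or code from the original post: the SessionStore class, the salt, and both User-Agent strings are constructed for illustration, and it assumes the applet sends the same session id as the browser.

```php
<?php
// Simplified model of a user-agent-bound session check (illustrative; not CakePHP source).
// SessionStore, the salt and the sample User-Agent strings are constructed for this example.

final class SessionStore
{
    /** @var array<string, array<string, string>> session id => session data */
    private array $sessions = [];

    public function __construct(private bool $checkAgent, private string $salt) {}

    // Store a salted hash of the User-Agent rather than the raw header.
    private function fingerprint(string $userAgent): string
    {
        return hash('sha256', $userAgent . $this->salt);
    }

    public function login(string $userAgent, string $user): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['user' => $user, 'agent' => $this->fingerprint($userAgent)];
        return $id;
    }

    /** Returns the logged-in user, or null if the session is missing or was destroyed. */
    public function request(string $id, string $userAgent): ?string
    {
        if (!isset($this->sessions[$id])) {
            return null;
        }
        $stored = $this->sessions[$id]['agent'];
        if ($this->checkAgent && !hash_equals($stored, $this->fingerprint($userAgent))) {
            unset($this->sessions[$id]); // mismatch is treated as a hijack: session destroyed
            return null;
        }
        return $this->sessions[$id]['user'];
    }
}

$browser = 'Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0'; // constructed sample
$applet  = 'Mozilla/4.0 (Windows XP 5.1) Java/1.6.0';              // constructed sample

foreach ([true, false] as $checkAgent) {
    $store = new SessionStore($checkAgent, 'constructed-salt');
    $id = $store->login($browser, 'alice');
    $fromApplet  = $store->request($id, $applet);  // applet request with the same session id
    $fromBrowser = $store->request($id, $browser); // next page view from the browser
    printf("checkAgent=%s applet=%s browser-after=%s\n",
        var_export($checkAgent, true), var_export($fromApplet, true), var_export($fromBrowser, true));
}
```

With the check on, the applet's request destroys the session, so the browser's next page view is logged out as well. With the check off, the session id alone identifies the user, so a request from any client that presents it is accepted.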
April 20th, 2008 at 5:55 am
The user agent that IE sends on Ajax calls can be different from what it sends on regular calls. So this user agent check can fail, resulting in loss of session even for non-applet instances.
More info here: https://trac.cakephp.org/ticket/3238
July 30th, 2008 at 1:42 pm
Thanks for the information