CakePHP 的身份验证超时问题

2021-12-21 00:00:00 session timeout php cakephp

这真的让我很烦恼.已经好多年了.无论我用 core.php 还是 php.ini 做什么,我的登录都会在大约一个小时后超时——通常是.一些相同代码和配置的部署在相当长的时间后超时.

This is really bugging me. Has been for years. No matter what I do with core.php or php.ini, my logins timeout after about an hour - usually. Some deployments of identical code and configuration timeout after a respectable amount of time.

这是我目前在一个网站上的内容 - 大约一个小时后超时:

This is what I have at the moment on one site - timed out after about an hour:

session.gc_divisor  1000
session.gc_maxlifetime  86400
session.gc_probability  1

Configure::write('Session.timeout', '28800');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');

另一个 - 持续了一夜:

And another - lasted all night:

session.gc_divisor  100
session.gc_maxlifetime  14400
session.gc_probability  0

Configure::write('Session.timeout', '315360000');
Configure::write('Session.checkAgent', false);
Configure::write('Security.level', 'medium');

现在,在您兴奋地说嗯,答案就在 Session.timeout 值中"之前,让我告诉您,该站点通常会在大约 20 分钟后超时!

Now, before you get excited and say, "Well, the answer is there in the Session.timeout value", let me tell you that this site usually times out after about twenty minutes!

推荐答案

我在共享主机上读到过,其他应用程序可以通过清除 php 定义的会话目录来重置会话.Rowlf 在他的回答中提到了这一点.

Somewhere I read that on shared hosting, other applications can reset the session by clearing the php-defined session directory. This was alluded to by Rowlf in his answer.

CakePHP 提供了配置会话处理方式的选项.在 core.php 中,我将其更改为 'cake'(默认为 'php'):

CakePHP offers the option to configure the way sessions are handled. In core.php I changed this to 'cake' (by default it is 'php'):

/**
 * The preferred session handling method. Valid values:
 *
 * 'php'            Uses settings defined in your php.ini.
 * 'cake'       Saves session files in CakePHP's /tmp directory.
 * 'database'   Uses CakePHP's database sessions.
 */
Configure::write('Session.save', 'cake');

我还确保会话超时和相应的 php.ini 值相同:

I also ensured that the session timeout and the corresponding php.ini values are the same:

/**
 * Session time out time (in seconds).
 * Actual value depends on 'Security.level' setting.
 */
Configure::write('Session.timeout', '86400');

到目前为止,系统还没有退出.

So far, the system hasn't logged out.

相关文章