[英]Session lost after redirect post Login in cakePhp 2.4
I am currently on cakePHP 2.4.5 and try to implement authorization. 我目前在cakePHP 2.4.5上,尝试实现授权。 My AppController.php is:
我的AppController.php是:
class AppController extends Controller {
public $helpers = array('Html', 'Form', 'Session');
public $components = array(
'Session',
'RequestHandler',
'Auth' => array(
'loginRedirect' => array(
'controller' => 'themeroles',
'action' => 'add'
),
'logoutRedirect' => array(
'controller' => 'pages',
'action' => 'display',
'home'
)
)
);
public function isAuthorized($user) {
$auth = CakeSession::read('Auth');
if (isset($auth['User'])){
$loggedInUser = $auth['User']['username'];
$loggedInRole = $auth['User']['role'];
// Admin can access every action
if (isset($loggedInRole) && $loggedInRole === 'admin') {
return true;
}
if (isset($loggedInUser) &&!empty($user) && $loggedInUser === $user) {
return true;
}
}
CakeSession::write('redirectURL', Router::reverse($this->request, true));
// Default deny
return false;
}
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
}
My UsersController has: 我的UsersController具有:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('add', 'logout');
}
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
but after the redirect, it seems the session gets killed. 但是重定向之后,会话似乎被终止。 I automatically get redirected to the login page.
我会自动重定向到登录页面。
I found as a possible solution to set in the core.php: 我发现可以在core.php中进行设置:
Configure::write('Security.level', 'low');
Configure::write('Security.cookie', 'cakephpfdebackend');
Configure::write('Session.cookieTimeout', 0);
Configure::write('Session.checkAgent', false);
Configure::write('Session.cookie_secure',false);
Configure::write('Session.referer_check' ,false);
Configure::write('Session.defaults', 'php');
but that does not help. 但这无济于事。 What am I missing?
我想念什么?
I think the problem is on your isAuthorized()
function. 我认为问题出在您的
isAuthorized()
函数上。 Before writing a new session every time you try to login, it finds that isset($auth['User'])
is set but empty. 每次尝试登录时,在编写新会话之前,它会发现
isset($auth['User'])
已设置但为空。 Thus both if
don't run at all. 因此,这两个
if
不运行在所有。 As a result it returns false. 结果,它返回false。
So, try: 因此,请尝试:
if (!empty($auth['User'])){
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.