
CakePHP 2.x session expires very soon

On my site, users are logged out before the session expiry time. I am currently using CakePHP 2.8. It works well locally but not on the server. I host my site on BigRock. I tried so hard, but I could not find the reason behind this.

In config/code.php

Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => 43200 // 30 days
));

And below is a Chrome cookie storage snapshot: [image]

I ran into the same issue since the servers used load balancing. When changing the host, the session was lost. Did you contact BigRock already?

You can put the session into a database or redis/memcached to solve this issue.

This issue happens due to load balancers routing requests to different servers, and servers being configured to store session data in a storage/cache mechanism local to the single server.

When a server receives a request with a session id that was assigned by a different server, it will not recognize the session id as it is missing in its local session storage/cache. Hence, it will send a 401 - Unauthorized header for the client to re-authenticate.

The solution for this can be implemented in two layers:

  • In the networking layer, by configuring "sticky sessions" in the load balancers.
  • In the application layer, by configuring session storage to be shared between the different application servers (i.e. as @50ShardsOfGray suggested, using a redis/memcached cache or a database to have a shared session storage).

Both these solutions have their advantages as well as disadvantages, with the main disadvantage being loss of flexibility. This is one of the reasons that micro-service architectures are using exclusively JWT tokens for authentication and authorization.

IMHO, which layer you decide to implement will depend on the performance and effort requirements of the change. As I see it, you could easily change the app configuration to store sessions in the database (although a cache is far more preferred), but there would definitely be a performance hit.
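An added example, not part of the original question or answers: a small Python model of the behaviour described above, with two app nodes behind a round-robin balancer storing sessions locally, then with sticky routing, then with a shared store. The `Node` class, the routing functions and the client address are constructed for illustration, and the shared dict stands in for redis, memcached or a database.

```python
import hashlib
import itertools
import secrets

class Node:
    """One app server. Sessions live in its own dict unless a shared store is passed."""
    def __init__(self, name, store=None):
        self.name = name
        self.store = {} if store is None else store  # shared dict stands in for redis/DB

    def login(self, user):
        sid = secrets.token_hex(16)
        self.store[sid] = user
        return sid

    def handle(self, sid):
        # Unknown session id: this node cannot tell who it is, so the user looks logged out
        return 200 if sid in self.store else 401

def round_robin(nodes):
    ring = itertools.cycle(list(nodes))
    return lambda client: next(ring)

def sticky(nodes):
    # Affinity: hash a stable client key onto whatever nodes are currently in the pool
    def pick(client):
        digest = hashlib.sha256(client.encode()).digest()
        return nodes[int.from_bytes(digest[:4], "big") % len(nodes)]
    return pick

def replay(route, client="203.0.113.7", requests=4):
    """Log in on the node the balancer picks, then send the same cookie again."""
    first = route(client)
    sid = first.login("alice")
    return first, sid, [route(client).handle(sid) for _ in range(requests)]

def demo():
    out = {}
    out["round_robin_local"] = replay(round_robin([Node("a"), Node("b")]))[2]
    pool = [Node("a"), Node("b")]
    route = sticky(pool)
    pinned, sid, out["sticky_local"] = replay(route)
    pool.remove(pinned)  # the pinned node is drained or crashes
    out["sticky_after_node_loss"] = route("203.0.113.7").handle(sid)
    shared = {}
    shared_nodes = [Node("a", shared), Node("b", shared)]
    out["round_robin_shared"] = replay(round_robin(shared_nodes))[2]
    return out

if __name__ == "__main__":
    print(demo())
```

With local stores, every other request lands on a node that never saw the login; sticky routing hides that until the pinned node leaves the pool, while the shared store keeps working under plain round-robin.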
