HTTrack Website Copier
Free software offline browser - FORUM
Subject: CakePHP session is lost after an OAuth redirect
Author: Abigail Scott
Date: 03/05/2014 13:29
 
I have an OAuth signin in my website. %99.5 of signins are successfull but %0.5
fails. I have this error for months. I tried many things to debug and log but
still I didn't solve the problem. Although most of the requests are good I
need to solve the small part.

Scenario is like this:

User clicks Sign in button
I get request token from server (for example yahoo, twitter)
I save oauth_token in user's session
for example session ID is aaa1234

I redirect user to Twitter server and user confirms my application

User comes to my website with oauth verifier
a) I use user's oauth_token and oauth_verifier and get access_tokens. session
ID is aaa1234. everything good.
b) Failure. Because I can't find user's oauth_token in current session. When I
check session ID, I see that ID changed, ID is now bbb2345
For the scenario b:
It seems like user has new session ID now. oauth_token can't be found in new
session. But note that old session data exists in /tmp/sessions/ folder.

Session ID cookie doesn't exists for session aaa1234. But another tracking
cookie that I set 2 days ago exists in cookies.

I check user agents.
It is same when user first comes and user comes back from Yahoo server.

This failure scenario happens in Chrome, Firefox, mobile browsers or other
browsers, so I can't accuse browser type.
What should I check more to diagnose?
My CakePHP core.php settings:

Configure::write('Session', array(  'defaults' => 'cake'  ));
Configure::write('Session.cookie', 'MYPHPSESSID');
Configure::write('Session.timeout', 120);
Configure::write('Security.level', 'medium');
Other settings are default as mentioned in file:
<https://github.com/cakephp/cakephp/blob/2.5/app/Config/core.php#L182>

Abigail Scott
<http://www.agileinfoways.com/technical-expertise/php-open-source-developments/php/>
 
Reply


All articles

Subject Author Date
CakePHP session is lost after an OAuth redirect

03/05/2014 13:29




8

Created with FORUM 2.0.11