I have an OAuth sign-in on my website. 99.5% of sign-ins are successful but 0.5%
fail. I have had this error for months. I tried many things to debug and log,
but I still haven't solved the problem. Although most of the requests are good,
I need to solve the small part.
The scenario is like this:
1. User clicks the Sign in button.
2. I get a request token from the server (for example Yahoo, Twitter).
3. I save oauth_token in the user's session. For example, the session ID is
   aaa1234.
4. I redirect the user to the Twitter server and the user confirms my
   application.
5. User comes to my website with the oauth verifier.
   a) I use the user's oauth_token and oauth_verifier and get access_tokens.
      Session ID is aaa1234. Everything is good.
   b) Failure, because I can't find the user's oauth_token in the current
      session. When I check the session ID, I see that the ID changed; the ID
      is now bbb2345.
For scenario b:
It seems like the user has a new session ID now. oauth_token can't be found in
the new session. But note that the old session data exists in the
/tmp/sessions/ folder.
The session ID cookie doesn't exist for session aaa1234. But another tracking
cookie that I set 2 days ago exists in the cookies.
I check user agents.
It is the same when the user first comes and when the user comes back from the
Yahoo server.
This failure scenario happens in Chrome, Firefox, mobile browsers and other
browsers, so I can't blame the browser type.
What more should I check to diagnose this?
My CakePHP core.php settings:
Configure::write('Session', array( 'defaults' => 'cake' ));
Configure::write('Session.cookie', 'MYPHPSESSID');
Configure::write('Session.timeout', 120);
Configure::write('Security.level', 'medium');
Other settings are default as mentioned in file:
<https://github.com/cakephp/cakephp/blob/2.5/app/Config/core.php#L182>
Abigail Scott
<http://www.agileinfoways.com/technical-expertise/php-open-source-developments/php/>
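
One way to narrow down scenario b, as an added example that is not part of the original post: log one line when oauth_token is saved and one on the callback, then pair them by oauth_token (OAuth 1.0a returns it in the callback query next to oauth_verifier) so the two requests can be compared even though the session ID changed. The log format, field names and sample lines are constructed assumptions; Session.timeout is treated as minutes.

```python
import json
from datetime import datetime

# Constructed sample log (field names are assumptions): one JSON line written
# when oauth_token is saved ("start") and one when the user returns ("callback").
# Only cookie names are logged; "sid" may be a hash of the session ID.
SAMPLE_LOG = """
{"ts":"2015-03-01T10:00:00","step":"start","oauth_token":"tokA","sid":"aaa1234","host":"www.example.com","scheme":"https","cookies":["MYPHPSESSID","track"]}
{"ts":"2015-03-01T10:00:20","step":"callback","oauth_token":"tokA","sid":"aaa1234","host":"www.example.com","scheme":"https","cookies":["MYPHPSESSID","track"]}
{"ts":"2015-03-01T11:00:00","step":"start","oauth_token":"tokB","sid":"ccc3456","host":"www.example.com","scheme":"https","cookies":["MYPHPSESSID","track"]}
{"ts":"2015-03-01T11:00:30","step":"callback","oauth_token":"tokB","sid":"bbb2345","host":"example.com","scheme":"https","cookies":["track"]}
{"ts":"2015-03-01T12:00:00","step":"start","oauth_token":"tokC","sid":"ddd4567","host":"www.example.com","scheme":"https","cookies":["MYPHPSESSID","track"]}
{"ts":"2015-03-01T14:30:00","step":"callback","oauth_token":"tokC","sid":"eee5678","host":"www.example.com","scheme":"https","cookies":["track"]}
"""

def diagnose(log_text, session_cookie="MYPHPSESSID", timeout_minutes=120):
    """Return {oauth_token: [differences]} for flows whose session ID changed.

    Expects log lines in chronological order (start before its callback).
    """
    starts, findings = {}, {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        if rec["step"] == "start":
            starts[rec["oauth_token"]] = rec
            continue
        st = starts.get(rec["oauth_token"])
        if st is None:
            findings[rec["oauth_token"]] = ["no start request logged for this token"]
            continue
        if st["sid"] == rec["sid"]:
            continue  # scenario a: same session, nothing to report
        # Scenario b: list every logged difference between the two requests.
        reasons = [f"{f} changed: {st[f]} -> {rec[f]}"
                   for f in ("host", "scheme") if st[f] != rec[f]]
        if session_cookie not in rec["cookies"]:
            reasons.append(f"{session_cookie} not sent on callback")
        minutes = (rec["ts"] - st["ts"]).total_seconds() / 60
        if minutes > timeout_minutes:
            reasons.append(f"{minutes:.0f} min elapsed, over Session.timeout")
        findings[rec["oauth_token"]] = reasons or ["session ID changed, no logged difference"]
    return findings

if __name__ == "__main__":
    for token, reasons in diagnose(SAMPLE_LOG).items():
        print(token, "->", "; ".join(reasons))
```

Grouping the failing 0.5% by the reported difference shows whether they share one cause, such as a different host name on the callback URL or a long delay at the provider, or several.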