Re: Authentication & Authorization in CakePHP 2.0

After much debugging I realized that my 'Session.timeout' was set to 0
hence my session data was being dropped for every request. once I set
it to a 3600, the sessions remained and authorizations were succesful
But now this leads to another quandary. If I set the timeout to a
value and the user closes the browser without logging out, I would
like his/ her session to end and not remain because it hasnt reached
its timeout. How can I accomplish this ? Any ideas?

Thanks,

Anand

On Oct 26, 9:27 pm, Jeremy Burns | Class Outfit
<jeremybu...@classoutfit.com> wrote:
> Do you have any auth code in the users controller? Have you pit a debug statement inside isAuthorized just before returning true to check that it is actually passing?
>
> Jeremy Burns
> Class Outfit
>
> http://www.classoutfit.com
>
> On 26 Oct 2011, at 22:15, Anand Ramamurthy wrote:
>
>
>
>
>
>
>
> > Hello,
>
> > I am a CakePHP newbie. I am implementing login features using
> > Authentication Component (User model). It works good. However I am
> > facing problem in Authorization and Statefulness features. Once I am
> > logged in I am unable to browse to other pages as user seems to be not
> > logged in.
>
> > This is my component variable in AppController:
>
> > public $components = array(
> >        'Session',
> >        'Auth' => array(
> >            'loginAction' => array('controller' => 'users', 'action'
> > => 'login'),
> >            'loginRedirect' => array('controller' => 'users', 'action'
> > => 'index'),
> >            'logoutRedirect' => array('controller' => 'home', 'action'
> > => 'index'),
> >            'authError' => 'Did you really think you are allowed to
> > see that?',
> >            'authenticate' => array(
> >                'Form' => array('fields' => array('username' =>
> > 'email', 'password' => 'password')),
> >                'Basic' => array('userModel' => 'Users.User', 'fields'
> > => array('username' => 'email', 'password' => 'password'))
> >             ),
> >            'authorize' => array('Controller')
> >        )
> >    );
>
> > //AppController beforeFilter
> > function beforeFilter() {
>
> >        $this->Auth->autoRedirect = false;
> >        $this->Auth->userModel = 'User';
> >        $this->Auth->allow('index', 'view');
> >    }
>
> > //AppController isAuthorized
> > public function isAuthorized($user) {
>
> >        if (isset($user['role']) && $user['role'] == 'admin') {
> >             return true; //Admin can access every action
> >        }
> >        return false; // The rest don't
> >    }
>
> > The user I log in has the role of "admin" set in DB. The user is able
> > to login properly get redirected to index and then I try to use the
> > edit feature in the UsersController for which he should be authorized
> > but apparently instead I get redirected to login page again with the
> > message "You are not authorized!"
>
> > I would be grateful if somebody could chime in and help or provide
> > pointers as to what I could be doing wrong?
>
> > Thanks in advance.
>
> > Anand
>
> > --
> > Our newest site for the community: CakePHP Video Tutorialshttp://tv.cakephp.org
> > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help others with their CakePHP related questions.
>
> > To unsubscribe from this group, send email to
> > cake-php+unsubscribe@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php