#1
  1. No Profile Picture
    got Rice?
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2004
    Posts
    518
    Rep Power
    10

    [CakePHP] Losing Sessions After leaving and coming back from site (30 seconds)


    Has anyone had issues with CakePHP losing sessions?

    I setup a paypal checkout Using Paypal Payments Advanced. It leaves my site to go to Paypal's hosted checkout pages, then it gets back to my site.

    But every once in awhile, I have seen it to where when I go to the paypal site, and get redirected back, CakePHP seems to have lost the session. And this is within 30 seconds, and as quick as 5 seconds (testing the cancel order button as soon as I get to the Paypal site).

    side note, I even had an issue to where before I was sent to the Paypal site, I had one session (verified, and verified data in the session to be correct), but then as soon as I am redirected back to the site from paypal, I had the session of an older prior session (data in the session was from a few tests before, roughly 30 minutes before). This was even after clearing local browser cache and restarting browser. Only happened once and cant seem to reproduce it again.
    Last edited by jaeSun; June 26th, 2013 at 02:37 PM.
  2. #2
  3. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    Does your subdomain change? Sessions are cookie based, and cookies are based on domain, subdomain, and protocol.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  4. #3
  5. No Profile Picture
    got Rice?
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2004
    Posts
    518
    Rep Power
    10
    no, its all on the same domain, doesnt use a subdomain, it doesn't use https.

    now that you mention it, maybe using database rather than cookies might help.
  6. #4
  7. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    Sessions are ALWAYS cookie based. The session store on the server doesn't matter for the end-users.

    Check your cookies on your browser when this happens. Do you have more than one PHPSESSID cookie (or whatever your session cookie is named)?

    Are you on a shared server? Does your server have any auto-cleanup going on that might kill the session files?

    Sessions are a file on your server. The name of that file is stored in the user's browser as a cookie. Whenever they visit your site, they send their cookies, and that allows your server to restore the session from the file. Either your users' cookies are disappearing (or changing) or your session file is disappearing. First step is to figure out where the problem occurs (client or server)
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  8. #5
  9. No Profile Picture
    got Rice?
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2004
    Posts
    518
    Rep Power
    10
    Originally Posted by ManiacDan
    Sessions are ALWAYS cookie based. The session store on the server doesn't matter for the end-users.

    Check your cookies on your browser when this happens. Do you have more than one PHPSESSID cookie (or whatever your session cookie is named)?

    Are you on a shared server? Does your server have any auto-cleanup going on that might kill the session files?

    Sessions are a file on your server. The name of that file is stored in the user's browser as a cookie. Whenever they visit your site, they send their cookies, and that allows your server to restore the session from the file. Either your users' cookies are disappearing (or changing) or your session file is disappearing. First step is to figure out where the problem occurs (client or server)
    yeah, i just realized that (database and cookies)

    ill check into that and do more testing.

    is http://domain.com and http://www.domain.com different in regards to the session cookie?

    I just realized in my paypal manager settings it was redirecting to http://domain.com while the site is usually http://www.domain.com.
    Last edited by jaeSun; June 26th, 2013 at 03:22 PM.
  10. #6
  11. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    Sometimes, depending on how your cookies are set. Check to see if you have more than one or use the session cookie paramter function to set a proper wildcard.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  12. #7
  13. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Your browser might offer developer tools that can help check what your cookies are doing, too.

    CRTL-SHIFT-I if you're using Chrome.

    But yeah, just sounds like you need to tweak your cookie to work across subdomains (ie, both lvchefs.com and www.lvchefs.com).

    It's a whee bit annoying to have to do that, but it should get it working for you.
  14. #8
  15. No Profile Picture
    got Rice?
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2004
    Posts
    518
    Rep Power
    10
    Originally Posted by ManiacDan
    Sometimes, depending on how your cookies are set. Check to see if you have more than one or use the session cookie paramter function to set a proper wildcard.
    right now, i see 2 cookies, 1 for domain.com, 1 for www.domain.com, but the domain.com also has an Indexed Database (cookie?). This is in Google Chrome.

    I ended up just changing the return URL to use www.domain.com but still playing around with it anyways.

    edit: i think that was likely the issue. if i login at www.domain.com, i wont be logged in a domain.com and vice versa. ill have to change the cakephp settings to account for both as mentioned earlier anyways.
    Last edited by jaeSun; June 26th, 2013 at 03:29 PM.
  16. #9
  17. No Profile Picture
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Originally Posted by jaeSun
    right now, i see 2 cookies, 1 for domain.com, 1 for www.domain.com, but the domain.com also has an Indexed Database (cookie?). This is in Google Chrome.

    I ended up just changing the return URL to use www.domain.com but still playing around with it anyways.

    edit: i think that was likely the issue. if i login at www.domain.com, i wont be logged in a domain.com and vice versa. ill have to change the cakephp settings to account for both as mentioned earlier anyways.
    You can also do an .htaccess redirect to www. if it's not entered. That'll help keep things consistent.

IMN logo majestic logo threadwatch logo seochat tools logo