When working on PHP and MySql development we rarely get a chance to install the application on Windows IIS server. And today I was asked to do the same. The first issue was related with mod_rewrite which is easily solved by un-commenting the line –
Configure::write(‘App.baseUrl’, env(‘SCRIPT_NAME’));
But the big issue came when I found that session is not working. After login the user is immediately redirected back to log-in page. I searched on Google for many solutions related with session.save_path, server time issues, user_agent verification etc., but none of them worked.
The I found a solution and I thought it may be helpful for some of you, or even me in future, if bookmarked here.I found a article in CakePHP Bakery, which suggested to use a separate file to handle session. Although this was not related to this issue, I though to give it a try and it worked for me.
To make it work you just need to create file in the /app/config folder with name, say session_handler.php. You can name it anything you like, and add below code in it:
<?php
// You can copy the ini_set statements from the switch block here
// http://code.cakephp.org/source/branches/1.2/cake/libs/session.php#484
// for case 'php' (around line 484) and modify to your needs.
// Lets assume our config value for Security.level is 'medium'
//Get rid of the referrer check even when Security.level is medium
ini_set('session.referer_check', '');
// or you can use this to restore to previous value
// ini_restore('session.referer_check');
//Cookie lifetime set to 0, so session is destroyed when browser is closed and doesn't persist for days as it does by default when Security.level is 'low' or 'medium'
ini_set('session.cookie_lifetime', 0);
//Now this feels a bit hacky so it would surely be nice to have a config variable for cookie path instead.
//Cookie path is now '/' even if your app is within a sub directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);
//This sets the cookie domain to ".yourdomain.com" thereby making session persists across all sub-domains
ini_set('session.cookie_domain', env('HTTP_BASE'));
//Comment out/remove this line if you want to keep using the default session cookie name 'PHPSESSID'
//Useful when you want to share session vars with another non-cake app.
ini_set('session.name', Configure::read('Session.cookie'));
//Makes sure PHPSESSID doesn't tag along in all your urls
ini_set('session.use_trans_sid', 0);
?>
Then modify “/app/config/core.php”, and replace below line –
Configure::write('Session.save', 'php');
with
Configure::write('Session.save', 'session_handler');
You need to put the name of your session file in place of “session_handler”. Hopefully it will work.