I have a problem with
On a CakePHP 3.x page, I have forms generated with Form Helper (to take care of the security token) composed of just one textarea .
Whenever a user leave one of the textarea, the corresponding form is submitted through a jQuery Ajax request taking care of the token.
This use case works great and that way, I can use Ajax while maintaining Security using SecurityComponent.
The problem I have is when the PHP session is expired (if the user leaves the page open and inactive for more than the PHP session duration).
Because I am using CakeDC/users plugin and the remember me feature, before every Ajax request, I make a request to
/users/sessionStatus (a dummy action that has no other purpose that triggering the “reconnection” of the user automatically if it checked the “Remember Me” checkbox when signing in.
Unfortunately, when the session is recreated using the RememberMe cookie , session is reset and then, all subsequent POST request are black-holed because
$session->id() mismatch (because of the newly created session).
Also, in the docs, it is written :
unlockedActionsproperty will not affect other features of
This is unclear to me … Can someone please explain ?
If anyone has a bright idea to help solve that use case