I can't find any reference to the Security.level configuration setting from Cake 1.3 in the CakePHP 2.2 manual.
我在CakePHP 2.2手册中找不到Cake 1.3中对Security.level配置设置的任何引用。
I also can't find any reference to this setting in the migration guide.
我也无法在迁移指南中找到对此设置的任何引用。
This setting had a big impact on the session timer in Cake 1.3.
此设置对Cake 1.3中的会话计时器有很大影响。
Security.level
安全级别
The level of CakePHP security. The session timeout time defined in ‘Session.timeout’ is multiplied according to the settings here.
CakePHP安全级别。 “Session.timeout”中定义的会话超时时间将根据此处的设置进行相乘。
'high' = x 10 'medium' = x 100 'low' = x 300 'high' and 'medium' also enable session.referer_check
'high'= x 10'medic'= x 100'low'= x 300'high'和'medium'也启用session.referer_check
Has this setting in the config.php of an application been removed in CakePHP 2.x?
在CakePHP 2.x中删除了应用程序的config.php中的此设置吗?
2 个解决方案
#1
5
No the setting has not been removed
It still exists in core.php
它仍然存在于core.php中
/**
* The level of CakePHP security.
*/
Configure::write('Security.level', 'medium');
But...
It's not used in 2.x.
它没有在2.x中使用。
The only reference to this setting is in Security::inactiveMins - which isn't called by anything else. Therefore, while there is still an artefact of this setting left over in 2.x, the intention of this setting has been removed and hence it's not in the 2.x docs.
对此设置的唯一引用是在Security :: inactiveMins中 - 其他任何内容都不会调用它。因此,虽然在2.x中仍然存在此设置的假象,但此设置的意图已被删除,因此它不在2.x文档中。
#2
3
With CakePHP 2.3 Security.level was removed from core.php.
使用CakePHP 2.3 Security.level已从core.php中删除。
Session timeout is set by this setting:
会话超时由此设置设置:
Configure::write('Session.timeout', '120');
Also: Modify session cookie expiry and session timeout for a CakePHP session
另外:修改CakePHP会话的会话cookie到期和会话超时
#1
5
No the setting has not been removed
It still exists in core.php
它仍然存在于core.php中
/**
* The level of CakePHP security.
*/
Configure::write('Security.level', 'medium');
But...
It's not used in 2.x.
它没有在2.x中使用。
The only reference to this setting is in Security::inactiveMins - which isn't called by anything else. Therefore, while there is still an artefact of this setting left over in 2.x, the intention of this setting has been removed and hence it's not in the 2.x docs.
对此设置的唯一引用是在Security :: inactiveMins中 - 其他任何内容都不会调用它。因此,虽然在2.x中仍然存在此设置的假象,但此设置的意图已被删除,因此它不在2.x文档中。
#2
3
With CakePHP 2.3 Security.level was removed from core.php.
使用CakePHP 2.3 Security.level已从core.php中删除。
Session timeout is set by this setting:
会话超时由此设置设置:
Configure::write('Session.timeout', '120');
Also: Modify session cookie expiry and session timeout for a CakePHP session
另外:修改CakePHP会话的会话cookie到期和会话超时