Last thursday I was working on a little project and I wanted to create an easy way for people that follow my workshop to implement a strong and secure salt and cipher seed for their instances of CakePHP. Therefore I made a small website that generates the entire code for you, making it just a matter of copying and pasting the code. Go to http://cakephp.thomasv.nl to see it in action.
A while back in January 2013, I wrote an article on how to store CakePHP’s sessions in the database, instead of using PHP as the session handler. Recently I received a question if it would be possible to expire (delete) all of a user’s sessions except the current one. It made me look back at the code I wrote in 2013 and I wondered if I could do better than I did before.
In this article, I cover how to setup CakePHP 2.8.x (the version is important, because of a bug fix that was necessary to make it work!) to use sessions stored in the database. I answer the question if it is possible to delete a user’s old sessions except the current one too. I also include an updated version of my previous attempt of retrieving online users. I placed all the code used on github for easy viewing.
In my opinion, CakePHP is a well equipped framework for building web applications. In this article I will try to explain how I overcame certain
obstacles challenges when dealing with CakePHP and RESTFul Routes. For this article I used CakePHP v2.4.3 with a slight alteration to the core code => will be fixed in 2.4.4.
An updated version of this article is available here: CakePHP 2.8.x: Storing Sessions in the Database Revisited
Because I want to make this example as easy to understand for everyone, I will write it in English. I’m not a native speaker / writer so there might be some grammar errors for which I apologize in advance.
What I will be covering today is how to configure your CakePHP 2.0 system to use your database to store user sessions, if you have one obviously. This could be useful to manage multiple sessions from different devices / ip addresses and to make sure no one else is signed in when you sign in somewhere else. Those parts I won’t be covering today, because that wouldn’t make this a small-tutorial =]. What I will be covering is something I find to be extremely handy in some situations, and that’s a method that shows you who’s online by checking recent session data.