Configuring Security.level in CakePHP 2.x Still Used?

Question

Configuring Security.level in CakePHP 2.x Still Used?

I cannot find the configuration setting link Security.levelfrom Cake 1.3 in the CakePHP 2.2 manual .

I also cannot find a link to this parameter in the migration guide .

This setting had a big impact on the session timer in Cake 1.3.

Security.level
CakePHP Security Level. The session timeout time defined in "Session.timeout" is multiplied according to the settings here.

'high' = x 10 'medium' = x 100 'low' = x 300 'high' and 'medium' also allow session.referer_check

Is this installation fixed in config.phpapplications in CakePHP 2.x?

+5

php cakephp cakephp-1.3 cakephp-2.2

cgTag Jan 21 '13 at 19:47

source share

2 answers

Since CakePHP 2.3 has Security.levelbeen removed from core.php.

Session timeout is set by this parameter:

Configure::write('Session.timeout', '120');

Also: Change cookie cookie expiration and session timeout for CakePHP session

+3

trante Mar 2 '14 at 8:04

source share

AD7six · Accepted Answer · 2013-01-21T20:00:33+0000

No settings are not deleted

It still exists in core.php

/**
 * The level of CakePHP security.
 */
Configure::write('Security.level', 'medium');

But...

It is not used in 2.x.

The only reference to this parameter is in Security :: inactiveMins - which is not called by anything else. Therefore, while there is still an artifact of this parameter remaining in 2.x, the intent of this parameter has been removed and therefore it is not in the 2.x documents.

Configuring Security.level in CakePHP 2.x Still Used?

No settings are not deleted

But...

More articles: