Log message #110442

# At Username Text
# Aug 7th 2008, 21:00 markstory helps stop session hijacking.
# Aug 7th 2008, 21:00 markstory compares a useragent string hash to that in the session.
# Aug 7th 2008, 20:59 markstory lqdice__: it checks a bunch of stuff in the headers too.
# Aug 7th 2008, 20:59 lqdice__ usually you can get by just by sending the session id
# Aug 7th 2008, 20:59 markstory with someone else. perhaps not with cake but with other session authenticated processes.
# Aug 7th 2008, 20:59 lqdice__ markstory: yeah but cake does some fancy session checking
# Aug 7th 2008, 20:59 markstory lqdice__: check the swfupload docs? I'm sure this has happened before.
# Aug 7th 2008, 20:58 zeeneo can't find it :|
# Aug 7th 2008, 20:58 lqdice__ zeeneo: do you have a link or know where it was ?
# Aug 7th 2008, 20:57 zeeneo you do it in the javascript
# Aug 7th 2008, 20:57 lqdice__ i can easily send the session id but cake checks for more than that
# Aug 7th 2008, 20:57 lqdice__ i found one but it's editing core files
# Aug 7th 2008, 20:57 markstory )
# Aug 7th 2008, 20:57 markstory lqdice__: no auth!
# Aug 7th 2008, 20:56 lqdice__ anyone got a quick fix ?
# Aug 7th 2008, 20:56 zeeneo someone has a fix somewhere
# Aug 7th 2008, 20:56 lqdice__ bah dammit
# Aug 7th 2008, 20:56 zeeneo lqdice__, it doesn't send the session cookie when you send data
# Aug 7th 2008, 20:56 markstory swfupload can be a pain as it doesn't send sessions.
# Aug 7th 2008, 20:56 infantigniter markstory: thanks you answered me before i really asked
# Aug 7th 2008, 20:56 markstory lqdice__: nope.
# Aug 7th 2008, 20:56 infantigniter cakephp seems to be doing that automagically at this point. but it also sends the entire view page. how can i stop that? (trust me i spent a half hour searching before i decided to bother the chat)
# Aug 7th 2008, 20:56 lqdice__ it's giving me a hard time
# Aug 7th 2008, 20:56 lqdice__ markstory: err have you used swfupload before w/ Auth?
# Aug 7th 2008, 20:56 markstory and set $this->autoRender = false
# Aug 7th 2008, 20:56 zeeneo something like that, can't remember the parameter and it depends what you're using
# Aug 7th 2008, 20:56 markstory infantigniter: if you want quick and dirty echo 'foo'
# Aug 7th 2008, 20:56 zeeneo so then in your onSuccess(r) { if(r.json.success != true) { alert('arg'); } }
# Aug 7th 2008, 20:55 infantigniter oh, i understand
# Aug 7th 2008, 20:54 zeeneo infantigniter, you'd send the success of receiving the data
# Aug 7th 2008, 20:54 infantigniter well, "things" in this case being a minimal amount of data, like a 3 digit number
# Aug 7th 2008, 20:54 infantigniter markstory: lol. because my script only NEEDS to send data, not receive it. it sends a rating and some associated data; javascript does the updating of the page that sent the data. i don't need anything back. and i can't figure out how to send things back :)
# Aug 7th 2008, 20:54 zeeneo yeah, generally { success:true }
# Aug 7th 2008, 20:54 markstory and replying to it lets you know that all is well.
# Aug 7th 2008, 20:53 zeeneo SamuraiDio, try it and find out
# Aug 7th 2008, 20:53 zeeneo unsure, not done a findAllBy...
# Aug 7th 2008, 20:53 markstory it has feelings too.
# Aug 7th 2008, 20:53 SamuraiDio i mean, it works, but is ok to set fields and order that way?
# Aug 7th 2008, 20:53 markstory infantigniter: why would you be so mean to AJAX.
# Aug 7th 2008, 20:53 SamuraiDio is this fine? $cities = $this->Place->City->findAllByStateId($state_id, array('City.id', 'City.name'), 'City.name ASC');
# Aug 7th 2008, 20:53 zeeneo best practise