Log message #4183216

# At Username Text
# Apr 15th 2019, 21:13 rightscoreanalysis @ricksaccous I can pass the value in as a parameter
# Apr 15th 2019, 21:07 ricksaccous good luck
# Apr 15th 2019, 21:07 ricksaccous I've never used muffin so I don't know too much about it
# Apr 15th 2019, 21:07 ricksaccous https://github.com/UseMuffin/Footprint
# Apr 15th 2019, 21:06 ricksaccous but I believe what's usually recommended if you absolutely need it is to use the Muffin plugin
# Apr 15th 2019, 21:06 ricksaccous @rightscoreanalysis the short answer is you should never want to access user information in a model, the best thing to do in these cases is to pass information from the controller
# Apr 15th 2019, 21:02 rightscoreanalysis ... using the CakePHP Authentication plugin
# Apr 15th 2019, 20:57 rightscoreanalysis Can I get access to the AuthUser in a model function, When I try $this->AuthUser I get a message that AuthUser is not related to the Model in question
# Apr 15th 2019, 20:01 feLiruc Hello guys... I have some foreach and my final code is full of white lines with no code... my page is with 1k lines and 5k empty lines... how can I set the cake to not generate this white lines? My code is not with blank lines
# Apr 15th 2019, 16:50 admad @phantomwatson composer create-project cakephp/app:4.x-dev
# Apr 15th 2019, 16:19 phantomwatson Good point!
# Apr 15th 2019, 16:17 dereuromark it is also easier to contribute back right away, any fixes in app or core you might find along the way.
# Apr 15th 2019, 15:58 dereuromark I usually git clone the app repo and composer update
# Apr 15th 2019, 15:55 phantomwatson I'd like to try the CakePHP 4 alpha through the app skeleton, but I'm stuck on how to run `composer create-project` specifically for the `4.x` branch. Does anyone know off of the top of their heads how to do that?
# Apr 15th 2019, 15:35 unclezoot neon, dont know mate, we're using docker + ecs here
# Apr 15th 2019, 15:19 neon1024 I’m looking to setup one of my CakePHP applications on AWS to try it ou
# Apr 15th 2019, 15:19 neon1024 unclezoot, What’s the deal with Elastic Beanstalk, is that just a shortcut for setting up the bits you need to run a PHP instance in AWS?
# Apr 15th 2019, 15:19 neon1024 Are we all trying the Cake 4 alpha?
# Apr 15th 2019, 15:04 jeremyharris ok
# Apr 15th 2019, 15:04 jeremyharris are you resetting your session each time you test new settings?
# Apr 15th 2019, 15:04 unclezoot ill keep looking at it, thanks anyway
# Apr 15th 2019, 15:04 unclezoot that's the fallback (which doesnt appear to be working)
# Apr 15th 2019, 15:03 unclezoot it's this line isnt it? Session.php: if (!isset($sessionConfig['ini']['session.cookie_secure']) andand env('HTTPS') andand ini_get('session.cookie_secure') != 1) {
# Apr 15th 2019, 15:03 jeremyharris cake passes that ini value (or sets it to secure by default) when configuring the PHP sessions so PHP should kick in with the proper security
# Apr 15th 2019, 15:02 jeremyharris it’s the session cookie and not a different cookie?
# Apr 15th 2019, 15:02 jeremyharris are you sure it
# Apr 15th 2019, 15:01 jeremyharris (taking a look at the code)
# Apr 15th 2019, 14:59 unclezoot 'Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.'
# Apr 15th 2019, 14:58 unclezoot that's what i thought, but in Chrome Dev Tools (Application>Cookies) the Secure tickbox is not ticked, and the penetration testing report flagged this up as a 'medium risk': The cookie does not contain the "secure" attribute.
# Apr 15th 2019, 14:55 jeremyharris if you’re on ssl
# Apr 15th 2019, 14:55 jeremyharris it is set to `true` by default
# Apr 15th 2019, 14:49 unclezoot does anyone know how to set the 'secure' flag on a session cookie in cake3? 'Session.ini.session.cookie_secure' => true isnt doing anything for me
# Apr 15th 2019, 14:48 unclezoot yeah i think that's what the guy at work ended up doing, some sort of cronjob to keep the lambda alive
# Apr 15th 2019, 14:42 jeremyharris because of the warmup time - which you could ping to keep awake if you needed to
# Apr 15th 2019, 14:41 jeremyharris I use s3 and cloudfront - no need for lamda because mine is statically generated. lamda is good for little tasks that get a lot of consistent hits
# Apr 15th 2019, 14:41 ricksaccous i hardly remember anything from the course though because i don't really use AWS a lot
# Apr 15th 2019, 14:41 ricksaccous you'll still need to pay for the db but yep
# Apr 15th 2019, 14:40 ricksaccous removes the need for an ec2 instance
# Apr 15th 2019, 14:40 ricksaccous i took an aws training course, the instructor pretty much advocated using nothing but lambdas and s3 buckets to serve websites
# Apr 15th 2019, 14:36 neon1024 Wouldn’t that depend on your EC2 and S3 instances
# Apr 15th 2019, 14:36 unclezoot there's a problem with wakeing them up i believe, i.e. a cold start takes some time