Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
933 views
in Technique[技术] by (71.8m points)

redirect - CakePHP 403 on AJAX request

I'm trying to use AJAX to autocomplete a search box on my website. I was using firebug to test my application. When I try to search something, Firebug tells me that the AJAX request returned a 403 forbidden error. However, when I copy the EXACT URL that was in the AJAX request, it returns the correct data.

Edit: I think this has to be something on the JavaScript side. Are there any headers that might be omitted with an AJAX request compared to a normal request?

Here is the $_SERVER variable (I removed the parameters that were the same on both requests) on an AJAX request that failed (1) vs typing the URL in and it works (2):

(1)

2011-04-02 13:43:07 Debug: Array
(
    [HTTP_ACCEPT] => */*
    [HTTP_COOKIE] => CAKEPHP=0f9d8dc4cd49e5ca0f1a25dbd6635bac;
    [HTTP_X_REQUESTED_WITH] => XMLHttpRequest
    [REDIRECT_REDIRECT_UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
    [REDIRECT_UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
    [REMOTE_PORT] => 60252

    [UNIQUE_ID] => TZdgK654EmIAAEjknsMAAAFG
    [REQUEST_TIME] => 1301766187
)

(2)

2011-04-02 13:44:02 Debug: Array
(
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_COOKIE] => CAKEPHP=d8b392a5c3ee8dd948cee656240fd5ea;
    [REDIRECT_REDIRECT_UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
    [REDIRECT_UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
    [REMOTE_PORT] => 60281

    [UNIQUE_ID] => TZdgYq54EmIAAF7zt6wAAAJJ
    [REQUEST_TIME] => 1301766242
)
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I think I found the solution. I set the security level to medium to solve the issue. I found this line in the config folder. Does a medium security level pose any problems in production?

/**
 * The level of CakePHP security. The session timeout time defined
 * in 'Session.timeout' is multiplied according to the settings here.
 * Valid values:
 *
 * 'high'   Session timeout in 'Session.timeout' x 10
 * 'medium' Session timeout in 'Session.timeout' x 100
 * 'low'    Session timeout in 'Session.timeout' x 300
 *
 * CakePHP session IDs are also regenerated between requests if
 * 'Security.level' is set to 'high'.
 */
    Configure::write('Security.level', 'medium');

Edit: This is definitely the solution. Here's what was happening:

When the security level is set to high, a new session ID is generated upon every request.

That means that when I was making ajax requests, a new session ID would be generated.

If you stay on the same page, JavaScript makes a request, which generates a new session_id, and doesn't record the new session_id.

All subsequent ajax requests use an old session_id, which is declared invalid, and returns an empty session.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...