5

I can't find any reference to the Security.level configuration setting from Cake 1.3 in the CakePHP 2.2 manual.

I also can't find any reference to this setting in the migration guide.

This setting had a big impact on the session timer in Cake 1.3.

Security.level

The level of CakePHP security. The session timeout time defined in ‘Session.timeout’ is multiplied according to the settings here.

'high' = x 10 'medium' = x 100 'low' = x 300 'high' and 'medium' also enable session.referer_check

Has this setting in the config.php of an application been removed in CakePHP 2.x?

Reactgular
  • 52,335
  • 19
  • 158
  • 208

2 Answers2

5

No the setting has not been removed

It still exists in core.php

/**
 * The level of CakePHP security.
 */
Configure::write('Security.level', 'medium');

But...

It's not used in 2.x.

The only reference to this setting is in Security::inactiveMins - which isn't called by anything else. Therefore, while there is still an artefact of this setting left over in 2.x, the intention of this setting has been removed and hence it's not in the 2.x docs.

AD7six
  • 63,116
  • 12
  • 91
  • 123
  • So, why don't you, as a collaborator, mention this in CakePHP documentaion? The support for CakePHP 1.3 is ending or ended and we are migrating from it. – Mohsenme Apr 27 '15 at 10:23
  • 1
    It should be mentioned [in the migration guide](http://book.cakephp.org/2.0/en/appendices/2-0-migration-guide.html), it'll be an oversight that it's not there - as you would like the docs to mention this why don't you, as anyone can, click "Improve this Doc" instead of commanding that I do it =). – AD7six Apr 27 '15 at 13:21
3

With CakePHP 2.3 Security.level was removed from core.php.

Session timeout is set by this setting:

Configure::write('Session.timeout', '120');

Also: Modify session cookie expiry and session timeout for a CakePHP session

Community
  • 1
  • 1
trante
  • 33,518
  • 47
  • 192
  • 272