Again a problem with the sessions

I already asked a similar question, but I have a problem again with sessions in CakePHP.

The problem is: when someone gets an email with a link inside and clicks this link, the session dies.

  • If the user was logged into the site after clicking on the email's link, his session dies.

  • If the user was logged into the site and copies the email's link instead of clicking on it, then everything is okay.

I think I need some magic solution to finally solve this problem once and for all.


if user was logged in on the site after clicked on the letter's link his session died

This is probably because clicking the link caused whatever browser the user's using to start a new browser instance. How this is handled will vary from browser to browser.

I would leave the behaviour as it is. Working around this would be very complex, and likely to open up security problems in the process.


Do you have Security.level on "high" in config/core.php? If so, try with "medium" or "low".

Also, check that the email client isn't opening a different browser to the one the session is started in.


When the CakePHP 'Security.level' is set to 'high' or 'medium', CakePHP sets the PHP session.referer_check to your site hostname.

However, when the user clicks a link inside an email client, the referer check test fails and the session is marked as invalid.

What you have to do is the following:

1) Set CakePHP 'Security.level' as 'low'

OR

2) Provide a custom session configuration for CakePHP, as shown here, setting 'session.referer_check' to an empty string, this way:

ini_set('session.referer_check', '');
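
The referer check described in the answer above, modelled as an added example (not code from the original posts, from PHP or from CakePHP). It follows the PHP manual's description of session.referer_check: a session id is rejected only when a Referer header was sent and does not contain the configured substring, which matches the clicked-versus-copied difference in the question. The function name, hostnames and sample requests are constructed for illustration.

```php
<?php
// Model of the test PHP applies when session.referer_check is non-empty.
// Hypothetical helper name; this is not PHP's or CakePHP's own code.
function refererCheckAcceptsSession(string $refererCheck, ?string $referer): bool
{
    if ($refererCheck === '') {
        return true; // check disabled, e.g. ini_set('session.referer_check', '')
    }
    if ($referer === null || $referer === '') {
        return true; // no Referer header sent: the check cannot fail
    }
    // A Referer was sent: it must contain the configured substring.
    return strpos($referer, $refererCheck) !== false;
}

// Constructed sample requests; hostnames are placeholders.
$siteHost = 'www.example.com';
$requests = [
    'link clicked within the site'   => 'https://www.example.com/users/index',
    'link clicked in a webmail page' => 'https://mail.example.net/inbox',
    'link pasted into address bar'   => null, // browser sends no Referer
];

// First pass: the value a 'high' or 'medium' Security.level sets (site hostname).
// Second pass: the empty string from the answer's option 2.
foreach ([$siteHost, ''] as $setting) {
    printf("session.referer_check = '%s'\n", $setting);
    foreach ($requests as $label => $referer) {
        $kept = refererCheckAcceptsSession($setting, $referer);
        printf("  %-32s %s\n", $label, $kept ? 'session kept' : 'session invalidated');
    }
}
```

With the hostname set, only the request carrying the webmail Referer loses its session; with the empty string, all three keep it.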