Using the session within models

This is something that everyone wants to do, but are afraid it breaks the MVC paradigm. Theoretically, the session should be a model, seeing as how it represents data and manages adds, edits, deletes, etc. Regardless, it's a much easier approach to use the session within the model directly, instead of having to pass it as an argument within each method call. Other developers who have attempted this task either try to import the SessionComponent or to use $_SESSION directly.

If you use the component, then you are using the class outside of its scope (a controller helper). If you use the $_SESSION global, then you don't have the fancy Cake dot notation access (Auth.User.id, etc) as well as its session management and security. But don't worry, Cake comes packaged with this powerful class called CakeSession, which both the SessionComponent and helper extend. Merely instantiate this class within your AppModel and you are set.

// Import the class
App::import('Core', 'CakeSession');
// Instantiate in constructor
public function __construct($id = false, $table = null, $ds = null) {
	parent::__construct($id, $table, $ds);
	$this->Session = new CakeSession();
}
// Using it within another model
$user_id = $this->Session->read('Auth.User.id');

Now you have control of the session within the model, bundled with Cake's awesome session management.

Official release of the AutoLogin Component

Many of you have heard me mention a component that keeps your Auth session active, even after the browser is closed. Well I think its time to officially announce it, my AutoLogin component. This component ties into the Auth component and allows a user to "remember me" to keep them constantly logged in. All data is saved to cookies and encrypted and hashed to no hijacking can occur. The best part though, is that the component automatically and magically saves and deletes cookies without you having to configure it (although you can configure it, check out the docs).

Download the latest version of AutoLogin

In other script related news...
Commentia has been updated to v1.3
Resession has been updated to v1.8 (now with more Security!)

Two new scripts, Resession and Decoda

It has been a while since I released some of my scripts, but now I have two to reveal! Well actually the Resession script has been up for nearly 2 months now, but I'm finally getting around to announcing. And without further ado, I give you Resession (Session Manager) and Decoda (A BBcode style parser).

Decoda

Decoda is a lightweight class that extracts and parses a custom markup language; based on the concept of BB code. Decoda supports all the basic HTML tags and manages special features for making links and emails auto-clickable, using shorthand emails and links, and finally allowing the user to add their own code tags.

Download the latest versions of Decoda

Resession

A small lightweight script that can manage and manipulate Session data. Calls session_start() in memory so that no header errors are thrown, as well as stores the session id in the object.

Download the latest version of Resession

If you have any suggestions for either of these classes, please feel free to comment this post or send me an email!

Refreshing the Auths session

If you have developed with the AuthComponent at all, you would know by now that the auth session does not refresh when ever a user updates its information (such a drawback). This is extremely useful in many situations, especially when a user updates his profile, and you need to echo the new content in the views. I have written the following method, which should be placed in your AppController. It can refresh the whole session or just a single key in the session.

/**
 * Refreshes the Auth session
 * @param string $field
 * @param string $value
 * @return void 
 */
public function _refreshAuth($field = '', $value = '') {
	if (!empty($field) && !empty($value)) { 
		$this->Session->write($this->Auth->sessionKey .'.'. $field, $value);
	} else {
		if (isset($this->User)) {
			$this->Auth->login($this->User->read(false, $this->Auth->user('id')));
		} else {
			$this->Auth->login(ClassRegistry::init('User')->findById($this->Auth->user('id')));
		}
	}
}

To refresh the whole session, you would call this method in an action while passing no arguments. If you would like to refresh a users email, you would pass email as the first argument, and the new email as the second. This method assumes you are using the SessionComponent and a User model.

// Refresh whole session
if ($this->User->save($this->data)) {
    $this->_refreshAuth();
    $this->Session->setFlash('Your information has been updated!');
}
// Refresh single key
$this->_refreshAuth('email', $this->data['User']['email']);

This should work fine for the time being, or at least until the Cake Team adds a refresh method to the AuthComponent. Cheers.