Saturday, March 21, 2009

Sharing Session State Across CakePHP Applications

Saturday, March 21, 2009

This is a pretty simple tip, but I thought I might want to document this somewhere like the gotcha page. I'll show you how to share session state across multiple CakePHP applications. It's as easy as 1-2-3.

Let's say we have two sites, and A user is browsing and we want him (or her) transferred to The user should be already authenticated before jumping to

There are some settings you must first configure:

  • Make sure that you have set 'Security.level' to 'low' on Notice that 'high' and 'medium' will mark the embedded session ID as invalid.
  • Set the session handling method ('' in app/config/core.php) to either 'php' or 'database'. Both applications must have the same session handling method and access to the same session storage (and therefore the same session).
  • Use the same Security.salt (/app/config/core.php) for each application.

In our view template on, append the session ID to the link like the following:

echo $html->link('Go to',
 "" . $session->id()
On the other end (, use $this->Session->id($this->params['url']['sid']) in the beforeFilter method of your controller:
function beforeFilter() {
  if (!empty($this->params['url']['sid'])) {

When the user clicks the link on, it'll redirect with the session id as parameter and instantiate a new session.

If you need a more secure way, go check the next post “A More Secure Way to Transfer Session State Between CakePHP Applications


Post a Comment

Please feel free to post your comment about this article.

JamNite ◄Design by Pocket, BlogBulk Blogger Templates