Cakephp auth component with two models session

Question

I have two cakephp2 applications running on same database, but having different Auth tables and different $this->Auth->userModel values accordingly. Authentication works wel

Answer 1

If not configured otherwise, AuthComponent will write the authenticated user record to the Auth.User session key in CakePHP 2. But it can be changed:

AuthComponent::sessionKey

The session key name where the record of the current user is stored. If unspecified, it will be "Auth.User".

(In CakePHP 1.3 this was different: Auth.{$userModel name})

So, if your apps share a Session, which they do, if cookie name and Security.salt match, the logged in record will be shared.

There are two possibilities to solve this:

Separate the logins

Simply set a different AuthComponent::sessionKey for your two models. This will allow them to keep the logged in user separately

Separate the sessions

Configure different Cookie names and Salts for both apps, so their sessions cannot override each other. This is probably the cleaner solution, because it also covers the risk of other session keys being double-used.