Well, I am not an expert, but I also had problems like you guys describe. I also used a lot of Ajax calls (actually, after the login there was only Ajax). So I lowered the security level to medium and disabled the cache of the browser with $this->disableCache(); in the beforeFilter() of the AppController.
A few thoughts though: if the web server thinks you are just another user, it generates a new session, right? So your session actually gets lost - broken. But yet there is a session cookie, so the web server should know it is you until you close the browser or the session expires (timeout). What I noticed however is that if a normal cookie is used and you read it every time, there is no problem with the authentication - you continue to be logged in since your app uses the session saved in the cookie, right? So if the session gets lost, you read the cookie and you are logged in again, but this will not bring the old session back. I always wanted to read an opinion of a specialist on that matter, but every time someone asks about a session problem, it appears no one can give a definitive and full answer. Only speculations like mine. And the common answer here is usually: set your security to medium, because when it is high, the session key gets regenerated on each page load. OK, it regenerates, but this doesn't have to be a problem. And why the session gets lost sometimes, no one answers. Does it have something to do with the web server itself? And if the answer is YES, how can we deal with that? I know it is out of the scope of Cake, but I still can't find a full and thorough answer anywhere.
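An added illustration, not part of the original post and not CakePHP's code: a minimal model of a server that issues a new session ID on every request, as the post says the high security level does, showing what two Ajax requests sent with the same cookie run into. The class and function names are hypothetical, and the model assumes the old ID is invalidated as soon as the new one is issued.

```php
<?php
// Toy model (assumption, not CakePHP code): a session store that can
// rotate the session ID on every request and drops the old ID at once.
class ToySessionStore
{
    private $sessions = array();
    private $counter = 0;

    // Create a logged-in session and return the ID the cookie would carry.
    public function login($user)
    {
        $id = 'sid' . (++$this->counter);
        $this->sessions[$id] = array('user' => $user);
        return $id;
    }

    // Handle one request. Returns array(user or null, ID for the next cookie).
    public function handle($cookieId, $rotate)
    {
        if (!isset($this->sessions[$cookieId])) {
            // Unknown ID: the server treats the caller as a new visitor.
            $id = 'sid' . (++$this->counter);
            $this->sessions[$id] = array('user' => null);
            return array(null, $id);
        }
        if (!$rotate) {
            return array($this->sessions[$cookieId]['user'], $cookieId);
        }
        // Rotate: move the data to a fresh ID and invalidate the old one.
        $id = 'sid' . (++$this->counter);
        $this->sessions[$id] = $this->sessions[$cookieId];
        unset($this->sessions[$cookieId]);
        return array($this->sessions[$id]['user'], $id);
    }
}

// Two Ajax requests are sent before either response arrives, so both carry
// the same cookie value. Returns the user each request was served as.
function simulateParallelAjax($rotate)
{
    $store = new ToySessionStore();
    $cookie = $store->login('alice');           // constructed sample user
    list($userA, $cookieA) = $store->handle($cookie, $rotate);
    list($userB, $cookieB) = $store->handle($cookie, $rotate); // stale ID when rotating
    return array($userA, $userB);
}

var_dump(simulateParallelAjax(true));   // ID rotated on every request
var_dump(simulateParallelAjax(false));  // ID kept stable across requests
```

In the rotating run the second request arrives with an ID the first request already retired; if its response reaches the browser last, the cookie then points at the fresh anonymous session.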
