A new PrimaryKeySession authenticator for CakePHP addresses problems with storing full User entity objects in sessions. Instead of serializing the entire entity, it stores only the user's primary key and rebuilds the identity from the database on each request. This eliminates session invalidation issues during deployments, keeps user data always up to date, and reduces session storage size. The post covers configuration with custom finders (e.g., findActive to block inactive users), optional caching with Redis/Memcache to reduce DB queries, and cache invalidation strategies. The approach is available in the official CakePHP authentication plugin, with a caching-enabled version in the TinyAuth plugin.
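A framework-free PHP sketch of the flow summarized above, added here as an illustration and not taken from the CakePHP authentication plugin or TinyAuth: the session holds only the primary key, an active-only lookup rebuilds the identity on each request, and the cached identity has to be invalidated when the user record changes. The `Auth` session key, the cache key format, the function names and the user rows are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the users table.
$users = [
    1 => ['id' => 1, 'email' => 'alice@example.test', 'active' => true],
    2 => ['id' => 2, 'email' => 'bob@example.test', 'active' => false],
];

// Hypothetical stand-in for a findActive-style finder: missing or inactive users yield null.
function findActiveUser(array $users, int $id): ?array
{
    $user = $users[$id] ?? null;
    return ($user !== null && $user['active']) ? $user : null;
}

// Rebuild the identity for one request from a session that holds only the primary key.
function resolveIdentity(array &$session, array $users, array &$cache): ?array
{
    $id = $session['Auth'] ?? null;
    if (!is_int($id)) {
        return null; // nothing usable in the session: unauthenticated
    }
    $key = "user_identity_$id";
    if (!isset($cache[$key])) {
        $user = findActiveUser($users, $id);
        if ($user === null) {
            unset($session['Auth']); // drop the stale key so the user is logged out
            return null;
        }
        $cache[$key] = $user; // cache only identities that passed the active check
    }
    return $cache[$key];
}

// Call this wherever a user is edited, deactivated or deleted.
function invalidateIdentity(array &$cache, int $id): void
{
    unset($cache["user_identity_$id"]);
}

$session = ['Auth' => 1]; // the session stores the primary key, not the entity
$cache = [];
var_dump(resolveIdentity($session, $users, $cache)['email']); // first request fills the cache
$users[1]['active'] = false;                                  // the account is deactivated
var_dump(resolveIdentity($session, $users, $cache) !== null); // cached identity is still served
invalidateIdentity($cache, 1);                                // invalidation closes that window
var_dump(resolveIdentity($session, $users, $cache), $session); // lookup fails, key is removed
```

Without the invalidation call, a deactivated account keeps its access until the cache entry expires, so the cache lifetime bounds how long a revoked user stays logged in.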