Session issue in IIS with CakePHP

When working on PHP and MySql development we rarely get a chance to install the application on Windows IIS server. And today I was asked to do the same. The first issue was related with mod_rewrite which is easily solved by un-commenting the line –

Configure::write(‘App.baseUrl’, env(‘SCRIPT_NAME’));

But the big issue came when I found that session is not working. After login the user is immediately redirected back to log-in page. I searched on Google for many solutions related with session.save_path, server time issues, user_agent verification etc., but none of them worked.

The I found a solution and I thought it may be helpful for some of you, or even me in future, if bookmarked here.I found a article in CakePHP Bakery, which suggested to use a separate file to handle session. Although this was not related to this issue, I though to give it a try and it worked for me.

To make it work you just need to create file in the /app/config folder with name, say session_handler.php. You can name it anything you like, and add below code in it:

// You can copy the ini_set statements from the switch block here
// for case 'php' (around line 484) and modify to your needs.

// Lets assume our config value for Security.level is 'medium'

//Get rid of the referrer check even when Security.level is medium
ini_set('session.referer_check', '');
// or you can use this to restore to previous value
// ini_restore('session.referer_check');

//Cookie lifetime set to 0, so session is destroyed when browser is closed and doesn't persist for days as it does by default when Security.level is 'low' or 'medium'
ini_set('session.cookie_lifetime', 0);

//Now this feels a bit hacky so it would surely be nice to have a config variable for cookie path instead.
//Cookie path is now '/' even if your app is within a sub directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);

//This sets the cookie domain to "" thereby making session persists across all sub-domains
ini_set('session.cookie_domain', env('HTTP_BASE'));

//Comment out/remove this line if you want to keep using the default session cookie name 'PHPSESSID'
//Useful when you want to share session vars with another non-cake app.
ini_set('', Configure::read('Session.cookie'));



//Makes sure PHPSESSID doesn't tag along in all your urls
ini_set('session.use_trans_sid', 0);

Then modify “/app/config/core.php”, and replace below line –

Configure::write('', 'php');


Configure::write('', 'session_handler');

You need to put the name of your session file in place of “session_handler”. Hopefully it will work.

Scroll to top