Session issue in IIS with CakePHP

When working on PHP and MySql development we rarely get a chance to install the application on Windows IIS server. And today I was asked to do the same. The first issue was related with mod_rewrite which is easily solved by un-commenting the line –

Configure::write(‘App.baseUrl’, env(‘SCRIPT_NAME’));

But the big issue came when I found that session is not working. After login the user is immediately redirected back to log-in page. I searched on Google for many solutions related with session.save_path, server time issues, user_agent verification etc., but none of them worked.

The I found a solution and I thought it may be helpful for some of you, or even me in future, if bookmarked here.I found a article in CakePHP Bakery, which suggested to use a separate file to handle session. Although this was not related to this issue, I though to give it a try and it worked for me.

To make it work you just need to create file in the /app/config folder with name, say session_handler.php. You can name it anything you like, and add below code in it:

// You can copy the ini_set statements from the switch block here
// for case 'php' (around line 484) and modify to your needs.

// Lets assume our config value for Security.level is 'medium'

//Get rid of the referrer check even when Security.level is medium
ini_set('session.referer_check', '');
// or you can use this to restore to previous value
// ini_restore('session.referer_check');

//Cookie lifetime set to 0, so session is destroyed when browser is closed and doesn't persist for days as it does by default when Security.level is 'low' or 'medium'
ini_set('session.cookie_lifetime', 0);

//Now this feels a bit hacky so it would surely be nice to have a config variable for cookie path instead.
//Cookie path is now '/' even if your app is within a sub directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);

//This sets the cookie domain to "" thereby making session persists across all sub-domains
ini_set('session.cookie_domain', env('HTTP_BASE'));

//Comment out/remove this line if you want to keep using the default session cookie name 'PHPSESSID'
//Useful when you want to share session vars with another non-cake app.
ini_set('', Configure::read('Session.cookie'));



//Makes sure PHPSESSID doesn't tag along in all your urls
ini_set('session.use_trans_sid', 0);

Then modify “/app/config/core.php”, and replace below line –

Configure::write('', 'php');


Configure::write('', 'session_handler');

You need to put the name of your session file in place of “session_handler”. Hopefully it will work.


  1. Muhammad AsimMay 20, 2011

    I tried this , but still the same issue , i cannot login , when i enter my user and password , it redirects me back to the same login page again.

  2. RajendraMay 21, 2011

    Did you added the file correctly? I mean can you check that this file is being used to handle the session? You can put any debug code in this file and that should be displayed in the browser on page load.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top