When working on PHP and MySql development we rarely get a chance to install the application on Windows IIS server. And today I was asked to do the same. The first issue was related with mod_rewrite which is easily solved by un-commenting the line - Configure::write('App.baseUrl', env('SCRIPT_NAME')); But the big issue came when I found that session is not working. After login the user is immediately redirected back to log-in page. I searched on Google for many solutions related with session.save_path, server time issues, user_agent verification etc., but none of them worked. The I found a solution and I thought it may be helpful for some of you, or even me in future, if bookmarked here.I found a article in CakePHP Bakery, which suggested to use a separate file to handle session. Although this was not related to this issue, I though to give it a try and it worked for me. To make it work you just need to create file in the /app/config folder with name, say session_handler.php. You can name it anything you like, and add below code in it: <?php // You can copy the ini_set statements from the switch block here // http://code.cakephp.org/source/branches/1.2/cake/libs/session.php#484 // for case 'php' (around line 484) and modify to your needs. // Lets assume our config value for Security.level is 'medium' //Get rid of the referrer check even when Security.level is medium ini_set('session.referer_check', ''); // or you can use this to restore to previous value // ini_restore('session.referer_check'); //Cookie lifetime set to 0, so session is destroyed when browser is closed and doesn't persist for days as it does by default when Security.level is 'low' or 'medium' ini_set('session.cookie_lifetime', 0); //Now this feels a bit hacky so it would surely be nice to have a config variable for cookie path instead. //Cookie path is now '/' even if your app is within a sub directory on the domain $this->path = '/'; ini_set('session.cookie_path', $this->path); //This sets the cookie domain to ".yourdomain.com" thereby making session persists across all sub-domains ini_set('session.cookie_domain', env('HTTP_BASE')); //Comment out/remove this line if you want to keep using the default session cookie name 'PHPSESSID' //Useful when you want to share session vars with another non-cake app. ini_set('session.name', Configure::read('Session.cookie'));     //Makes sure PHPSESSID doesn't tag along in all your urls ini_set('session.use_trans_sid', 0); ?> Then modify "/app/config/core.php", and replace below line - Configure::write('Session.save', 'php'); with Configure::write('Session.save', 'session_handler'); You need to put the name of your session file in place of "session_handler". Hopefully it will work.