I been having reports from my users that they are getting randomly logged out of my web applications. After much debugging I found that CakePHP regenerates the session on every request.
/** * The level of CakePHP security. The session timeout time defined * in 'Session.timeout' is multiplied according to the settings here. * Valid values: * * 'high' Session timeout in 'Session.timeout' x 10 * 'medium' Session timeout in 'Session.timeout' x 100 * 'low' Session timeout in 'Session.timeout' x 300 * * CakePHP session IDs are also regenerated between requests if * 'Security.level' is set to 'high'. */ Configure::write('Security.level', 'high');
After changing the ‘Security.level’ to medium the problem stopped happening.