Hey everyone,
I have a problem with SecurityComponent.
On a CakePHP 3.x page, I have forms generated with Form Helper (to take care of the security token) composed of just one textarea .
Whenever a user leave one of the textarea, the corresponding form is submitted through a jQuery Ajax request taking care of the token.
This use case works great and that way, I can use Ajax while maintaining Security using SecurityComponent.
The problem I have is when the PHP session is expired (if the user leaves the page open and inactive for more than the PHP session duration).
Because I am using CakeDC/users plugin and the remember me feature, before every Ajax request, I make a request to /users/sessionStatus (a dummy action that has no other purpose that triggering the “reconnection” of the user automatically if it checked the “Remember Me” checkbox when signing in.
Unfortunately, when the session is recreated using the RememberMe cookie 
, session is reset and then, all subsequent POST request are black-holed because $session->id() mismatch (because of the newly created session).
Also, in the docs, it is written :
The
unlockedActionsproperty will not affect other features ofSecurityComponent:
This is unclear to me … Can someone please explain ?
If anyone has a bright idea to help solve that use case 
Thanks !
and the best solution seems to implement a countdown 
in Javascript to present the user a modal when its session is about to expire to allow it to extend the session or logout.
the page. If the user had checked the “Remember Me” checkbox when logging-in, the page will be refreshed, remember me mechanism triggered that will re-set/re-login the user session (and security tokens will be regenerated accordingly).
The only thing I should also take care using that approach is that I currently save typed texts in the textareas only when the user leaves the field (
feature that would post the form when the user stopped typing 
for more than 5 secs. That way, all data would be always saved before the user needs to refresh the page 