Bypass Authentication

I am using CakePHP 4 and when I go to my site, it displays a login screen. I want it to go to the home page without needing to log in. How can I bypass the login?

Do you have something like


in your Users controller, which allows using the login page without being logged in?

Thanks, Zuluru. I added that to UsersController and when I clicked on the home page in my navigation after logging out, I got the message: “You are not authorized to access that location.”

There must be something wrong with my routes because I am able to go to other pages without being logged in.

I changed my routes and my PagesController but it still redirects me to the login page when I try to go to the home page.

// in src/Controller/AppController.php
public function beforeFilter(\Cake\Event\EventInterface $event)
// for all controllers in our application, make index and view
// actions public, skipping the authentication check
$this->Authentication->addUnauthenticatedActions([‘index’, ‘view’]);

this is from the tutorial.
if you have this in your app controller, then all index and view templates can be accessed with out being logged in.

which page is your starting page?

Thanks, dirk. That fixed it.

When I go to my domain name, it displays the login page instead of the home page. I read the tutorial at CMS Tutorial - Authentication - 4.x but I couldn’t find a way to land on the home page instead of the login page. I looked over the part of the tutorial about Authorization but I didn’t see anything relevant there either. The page about authorization at CMS Tutorial - Authorization - 4.x is very complicated and I don’t want to add the functionality because it looks like too much work. Do I need the authorization plug-in for my site to work properly or can I skip it?

If you aren’t going to be doing anything at all that requires people to log in, then you don’t need to do anything at all with the authentication or authorization plugins, or users controller for that matter.

I want people to be able to navigate my site without being logged in but they need to be logged in to perform some actions so I do need authentication. I just don’t know if authentication is enough or if I have to do authorization as well.

If someone is logged in, can they perform all actions, or do the actions they can perform depend on who they are? For example, can they only edit records they created, or are there various roles that have different access? If you have anything like that, then that’s authorization: determining which actions a specific user can take and/or on which records.

They can only edit records they created but there aren’t various roles that have different access.

Then you need authorization. It’s the thing that checks this.

How do I force the page to go to the home page when I go to my domain instead of going to the login page?

you have to set


in the controller, that renders your homepage.

So take a look in the tutorial at Routing - 4.x

and look in the routes to find out what your homepage is

Thanks, dirk. That worked.