Cake app running on WAMP sever vs bin\cake server problems

Before we start, I have searched and read for hours both on this discourse and various google searches about deploying Cake apps. I fully understand that Cake is designed to use mod_rewrite and that what I am trying to do SHOULD just work. I have read the bits about setting RewriteBase, nothing I have tried from that reading has accomplished anything.

In any event, I tried before I posted here, really I did. I have a fully running app, but I’m having trouble deploying it.

Running Cake version 4.1.6 PHP 7.4.9 Apache 2.4.46 WAMP server 3.2.3 64bit on Windows 10

The Cake app is in \wamp64\www\myapp

If in command I cd there and type bin\cake server the server starts up and everything works just excellently. I browse to

and the system redirects (as it should) to
and the entire app runs as it should. I can log in, list, edit, view, page, all that good stuff. Very nice. I have not used Cake before but I must say this is very nice stuff. This app went together in near record time.

Anyway, time for the massive fail…

I then clear the tmp folder, clear the browser’s cache (or use a different browser), and try to access the app from the WAMP server.

I go to

and the server attempts a redirect to
which gives a 404.

If instead I try to open


The login page opens up quite nicely, but the same usernames and passwords that work so well in the cake server (localhost:8765) pop up the box that says that my username or password is incorrect. I presume this because the paths don’t work.

When I deploy this to the client’s server it will have to exist at and not at (what from extensive reading I presume to be the Cake normal) That would be nice and all, but I don’t have that as an option in this case, so here I am.

I have wondered if this piece of code in webroot/index.php has something to do with it, but I honestly don’t understand what it is trying to tell me.

// For built-in server
    if (PHP_SAPI === 'cli-server') {
    $_SERVER['PHP_SELF'] = '/' . basename(__FILE__);

    $url = parse_url(urldecode($_SERVER['REQUEST_URI']));
    $file = __DIR__ . $url['path'];
    if (strpos($url['path'], '..') === false && strpos($url['path'], '.') !== false && is_file($file)) {
        return false;

In your collective minds, what have I done wrong, where should I look, what might I try next?

Hmmm or is my problem in Application.php where it says:

$authenticationService = new AuthenticationService([
        'unauthenticatedRedirect' => '/users/login',
        'queryParam' => 'redirect',

Perhaps it should say /myapp/users/login ? I’ll just try that…

OK, cool, that fixes the first redirect, if I browse to //localhost/myapp, I get redirected to //localhost/myapp/users/login Coolness. But, unfortunately, I still can’t log in. Same mysql database, on the same localhost server with the same username and password, so that shouldn’t be it. I’m still confused.

Well, that’s interesting indeed.

I change the unauthenticateRedirect to /myapp/users/login and then further down I change the loginUrl to the same, and STRING MUSIC it lets me log in.

But… it then trys to send me to /myapp/myapp/ which naturally throws a missing controller error.

If I manually then go to /myapp/things manually the authentication succeeds, I did log in, and I get the list of things. I can page, I can view, edit, delete and add things. I can log out. I can log back in. This is all very cool… so, it’s only that first redirect, which has this problem:


It’s that second myapp. It sticks it on the end of the GOOD redirect. Hmmm. Does that happen in webroot/index.php? Well, if so it’s not hard coded that I can find. I guess it might somehow refer back to the //for built in server code in webroot/index.php – but I don’t see why.

Of course, these changes break the localhost:8765, but I couldn’t care less because of course, that isn’t how it’s going to run on the deployment server.

I may be way off base here, but I have found when referencing parts of the app by path - especially files outside the CakePHP but on the same server (not the case here) - is that the folder you run the cake server from is relevant. Running the cake.php from a folder higher than it (like how the tutorials on WAMP say to do, ie. cd app then bin\cake server) will break it.

So just to remove that as a possibility of not losing paths relative to root, run the server from the same depth. Personally I run it from webroot as that feels right to me cd app\webroot then ..\bin\cake server - but as the paths are relative there’s no reason you can’t just cd app\bin then cake server.

This may not help you now, but it could bypass errors you may yet encounter.

Sure, but bin\cake server run from the myapp folder works just fine. It’s wampserver that’s screwing up.

Thanks for the idea tho.

OK, we can close this.

It turns out that authentication 2.0 had a bug with respect to running in subdirectories. It was annoying to discover that in order to update authentication I had to manually adjust version contraints in composer.json, oh well. Upgrading to 2.3.1 fixed the problem. See this post here: