Login does not work, after a while

Hi there,

i programming a new website with version 3.8.1 and at the beginning war everything fine. I had added the login and was working good. After some updates on my code and adding some new sites, the login doesnt work anymore. I can create a new account, but dont login.

I think, the system open no session.

With print_r I get only the number 1:


public function login()
if ($this->request->is(‘post’)) {
$user = $this->Auth->identify();
if ($user) {

            return $this->redirect(['controller' => 'charactersheet', 'action' => 'index']);
            #return $this->redirect($this->Auth->redirectUrl());
        $this->Flash->error('Your username or password is incorrect.');

public function validationDefault(Validator $validator)
->allowEmptyString(‘id’, null, ‘create’);

        ->maxLength('username', 256)

        ->maxLength('password', 256)

        ->maxLength('sprache', 3)

        ->allowEmptyString('mod', 0, 'create');

    return $validator;

 * Returns a rules checker object that will be used for validating
 * application integrity.
 * @param \Cake\ORM\RulesChecker $rules The rules object to be modified.
 * @return \Cake\ORM\RulesChecker
public function buildRules(RulesChecker $rules)

    return $rules;

protected $_accessible = [
‘username’ => true,
‘password’ => true,
‘email’ => true,
‘sprache’ => true,
‘geburtstag’ => true,
‘mod’ => true

 * Fields that are excluded from JSON versions of the entity.
 * @var array
protected $_hidden = [

protected function _setPassword($value)
    if (strlen($value)) {
        $hasher = new DefaultPasswordHasher();

        return $hasher->hash($value);

public function initialize()

    $this->loadComponent('RequestHandler', [
        'enableBeforeRedirect' => false,

     * Enable the following component for recommended CakePHP security settings.
     * see https://book.cakephp.org/3.0/en/controllers/components/security.html

    $this->loadComponent('Auth', [
        'authenticate' => [
            'Form' => [
                'fields' => [
                    'email' => 'email',
                    'password' => 'password'
        'loginAction' => [
            'controller' => 'Users',
            'action' => 'login'
        // If unauthorized, return them to page they were just on
        'unauthorizedRedirect' => $this->referer()

    // Allow the display action so our PagesController
    // continues to work. Also enable the read only actions.
    $this->Auth->allow(['display', 'login', 'impressum', 'datenschutz', 'aboutus', 'kontakt', 'home']);


what have I done wrong?
Thanks for your help

in authenticate fields are username/password not email/password

  • fields The fields to use to identify a user by. You can use keys username and password to specify your username and password fields respectively.

also note that Auth component will be depracated in 4.0


It’s the result of experimenting. Corrected it again.

If I log in now nothing happens. I don’t even get an error message that my password or similar is wrong. So apparently it doesn’t even call the usercontroller.

Also don’t see any error in the error.log or similar.


$this->loadComponent(‘Auth’, [
‘authenticate’ => [
‘Form’ => [
‘fields’ => [
‘username’ => ‘username’,
‘password’ => ‘password’
‘loginAction’ => [
‘controller’ => ‘Users’,
‘action’ => ‘login’
// If unauthorized, return them to page they were just on
‘unauthorizedRedirect’ => $this->referer()

  1. how do you check if user is logged?
  2. show view/template for login form
<?php if ($this->getRequest()->getSession()->read('Auth.User.username')) : ?>

I cant open any other site. The site redirect me to the login. I don’t know what I changed in the last days, so that the login doesn’t work anymore.

login temp <?= $this->Html->css('login.css') ?>
Sign In <?= $this->Html->link( 'SIGN UP', ['controller' => 'users', 'action' => 'add', '_full' => true] ); ?>
<?= $this->Form->create() ?>
Email <?= $this->Form->control('username', ['class' => 'input', 'required' => true]) ?>
Password <?= $this->Form->control('password', ['class' => 'input', 'required' => true]) ?>
Keep me Signed in
<?= $this->Form->button('Login', ['class' => 'button']) ?>
            <div class="hr"></div>
            <div class="foot-lnk">
                <a href="#forgot">Forgot Password?</a>
            <?= $this->Form->end() ?>


try setting authorize to false to disable check for permissions or

'authorize' => 'Controller',

and in `AppController

public function isAuthorized($user = null)
    return true;

to pass anyone whos logged

Where does this part go? -> ‘authorize’ => ‘Controller’,


I’m sorry, it doesn’t help. Before it worked without the customizations. I only added new pages in the last days and some under $this->Auth->allow. But undoing them doesn’t help either.

in the AppController::initialize try adding dd($this->Auth->user()); at the bottom after trying to login in

I got the message null.

hmm from what you have posted up to this point your code looks ok

whats length of your password field in database? IIRC it should be > 62 or even 255 for future proof

It is VARCHAR(256)

Have cakephp some logger for more details?

yup but it logs only errors and warnings, you can enable query log in app.php

Query works fine and get data.


2019-07-28 18:46:05 Debug: duration=26 rows=1 SELECT Users.id AS Users__id, Users.username AS Users__username, Users.password AS Users__password, Users.email AS Users__email, Users.sprache AS Users__sprache, Users.geburtstag AS Users__geburtstag FROM users Users WHERE Users.username = ‘test’ LIMIT 1

#0 \vendor\cakephp\cakephp\src\Http\ActionDispatcher.php(120): Cake\Controller\Controller->invokeAction()
#1 \vendor\cakephp\cakephp\src\Http\ActionDispatcher.php(94): Cake\Http\ActionDispatcher->_invoke(Object(App\Controller\UsersController))
#2 \vendor\cakephp\cakephp\src\Http\BaseApplication.php(235): Cake\Http\ActionDispatcher->dispatch(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#3 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Http\BaseApplication->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#4 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#5 \vendor\cakephp\cakephp\src\Http\Middleware\CsrfProtectionMiddleware.php(123): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#6 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Http\Middleware\CsrfProtectionMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#7 \vendor\cakephp\cakephp\src\Http\Runner.php(51): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#8 \vendor\cakephp\cakephp\src\Routing\Middleware\RoutingMiddleware.php(168): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#9 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Routing\Middleware\RoutingMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#10 \vendor\cakephp\cakephp\src\Routing\Middleware\AssetMiddleware.php(97): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#11 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Routing\Middleware\AssetMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#12 \vendor\cakephp\cakephp\src\Error\Middleware\ErrorHandlerMiddleware.php(96): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#13 \vendor\cakephp\cakephp\src\Http\Runner.php(65): Cake\Error\Middleware\ErrorHandlerMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#14 \vendor\cakephp\debug_kit\src\Middleware\DebugKitMiddleware.php(53): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#15 \vendor\cakephp\cakephp\src\Http\Runner.php(65): DebugKit\Middleware\DebugKitMiddleware->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response), Object(Cake\Http\Runner))
#16 \vendor\cakephp\cakephp\src\Http\Runner.php(51): Cake\Http\Runner->__invoke(Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#17 \vendor\cakephp\cakephp\src\Http\Server.php(98): Cake\Http\Runner->run(Object(Cake\Http\MiddlewareQueue), Object(Cake\Http\ServerRequest), Object(Cake\Http\Response))
#18 \webroot\index.php(40): Cake\Http\Server->run()
#19 {main}
Request URL: /users/img/background.jpg
Referer URL: http://localhost/users/login?redirect=%2Fcharactersheet

Found it…

The Session config in app.php was the problem.

Thanks for your help and have a nice evening.

Query works fine, try once more :face_with_raised_eyebrow: