Migrating from CakePHP 2 to CakePHP 3 one module at a time


Is it possible to have an application written in CakePHP version 2.5 and a new version using CakePHP 3 coexisting, and sharing the authentication session?

Just to try migrating one module at a time from version 2 to version 3 in a huge CakePHP application.

Can the two versions coexist for one single application?

Has anyone already tried this and had issues using this approach?


I’m doing a migration from 2 to 3 on an Apache server at the moment. So far I have managed to make them coexist using a virtualhost with the root directory one level above both application directories, so that the structure is

  • /rootdir/
    • cakephp2site/
      • app/
        • webroot/
    • cakephp3site/
      • webroot/

Then, using a .htaccess file within rootdir, I have

RewriteEngine on
RewriteRule ^users(.*)$ cakephp3site/webroot/$1 [L]
RewriteRule ^$ cakephp2site/app/webroot/ [L]
RewriteRule (.*) cakephp2site/app/webroot/$1 [L]

To explain, my users controller is CakePHP 3 ready, so anything with /users can be routed to the CakePHP 3 application. Everything else goes to the CakePHP 2 application until I’ve done the changes.

As for auth, if running on the same instance, the PHP cookie name is PHPSESSID for CakePHP 2 and CAKEPHP by default in CakePHP 3, but this can be renamed at the bottom of app.php with

'Session' => [
    'defaults' => 'php',
    'cookie' => 'PHPSESSID', // <-- add this line
],

Whoever googles this like I just did, take a look at CakePHP 2.x // 3.x Session.time inconsistent · Issue #10563 · cakephp/cakephp · GitHub

You will most likely have to update your CakePHP2 app/Config/core.php to have:

Configure::write('Session', array(
	'defaults' => 'php',
	'useForwardsCompatibleTimeout' => true, // ← this
));

Otherwise CakePHP2 will clear your entire session every time you visit the CakePHP3 website.

You will also want to make sure both apps are using:

  • the same session cookie_domain and
  • the same cookie name (CAKEPHP instead of PHPSESSID in my case)
  • different sessionKeys, or are aware of each other, otherwise Auth.User will get overwritten
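
The first two points in the list above can be checked from outside by comparing the Set-Cookie header each app sends. The following is an added example, not code from the thread: the header strings are constructed samples, and the names `session_cookie` and `compare` are hypothetical. It cannot see the sessionKey, which lives inside the session data.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers standing in for what each app returns
# (for instance captured with `curl -sI`). All values are placeholders.
CAKE2_HEADER = "PHPSESSID=aaaa1111; path=/; HttpOnly"
CAKE3_HEADER = "CAKEPHP=bbbb2222; path=/; domain=.example.test; HttpOnly"
CAKE3_FIXED = "PHPSESSID=aaaa1111; path=/; HttpOnly"


def session_cookie(header):
    """Return (name, attributes) for the cookie in one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    attrs = {
        # A leading dot on the domain is ignored by browsers, so drop it.
        "domain": morsel["domain"].lower().lstrip("."),
        "path": morsel["path"] or "/",
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }
    return name, attrs


def compare(header_a, header_b):
    """List the differences that keep two apps from sharing one session cookie."""
    name_a, attrs_a = session_cookie(header_a)
    name_b, attrs_b = session_cookie(header_b)
    findings = []
    if name_a != name_b:
        findings.append(f"cookie name differs: {name_a} vs {name_b}")
    for key in ("domain", "path", "secure", "httponly"):
        if attrs_a[key] != attrs_b[key]:
            findings.append(f"{key} differs: {attrs_a[key]!r} vs {attrs_b[key]!r}")
    return findings


if __name__ == "__main__":
    for label, other in (("before", CAKE3_HEADER), ("after", CAKE3_FIXED)):
        print(label, compare(CAKE2_HEADER, other) or "cookies line up")
```

An empty result only shows that the browser will send one cookie to both apps; mismatched Secure or HttpOnly flags are reported as well, because the looser of the two apps decides how the shared cookie is actually protected.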