Whoever googles this like I just did, take a look at CakePHP 2.x // 3.x Session.time inconsistent · Issue #10563 · cakephp/cakephp · GitHub
You will most likely have to update your CakePHP2 app/Config/core.php to have:
Configure::write('Session', array(
'defaults' => 'php',
'useForwardsCompatibleTimeout' => true, // ← this
));
Otherwise CakePHP2 will clear your entire session every time you visit the CakePHP3 website.
You will also want to make sure both apps are using:
- the same session cookie_domain and
- the same cookie name (
CAKEPHPinstead ofPHPSESSIDin my case) - different
sessionKeys, or are aware of each other, otherwiseAuth.Userwill get overwritten