Share Database Sessions between cakephp 2 and cakephp 3

I’m trying to share sessions between two cakephp apps that are on different subdomains. One is cakephp 2 and other is cakephp 3.

What i have so far:

The two apps are reading sessions from the same database table.
The two apps are writing session cookie “CAKEPHP” to the root domain. i have a

on top of core.php and app.php respectively 3. both apps have the same Security.salt value

What is the problem? When i open the cakephp 2 on one tab, it generates a session cookie with one value. But when i open cakephp 3 on another tab, it generate another value for session cookie. So, when i login on cake2 and then refresh cake 3 on another tab, the session on cake2 get lost.

When researching, i saw that cakephp 3 encrypts the session cookie and cake2 not… But i’m not able to see where can i make cake2 use the same encryption as cake3. Or disable encryption on both, if it will not cause security issues.

Can you help me on this?

1 Like

It is certainly possible to share sessions between CakePHP 2.x and 3.x on the same server, without an encryption issue, though this is not using a database handler. See

There are quite a few options for configuring the session in the docs, including different handlers, and you can set the session.cookie_domain etc. in core.php / app.php respectively:

If your applications are on the same server, you might prefer to set the same cookie path, rather than the same domain, though you seem to have got that working.

If you applications are on different servers, here are some ways of doing it in php:

This doesn’t specifically answer your question about the database handler, but it may help.

1 Like

Whoever googles this like I just did, I updated the linked thread Migrating from Cakephp 2 to Cakephp 3 one module at once with the solution on how to prevent the shared session data from being lost.