Home/ Questions/Q 6135015
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T17:25:41+00:00

I’m trying to wrap my head round how the auth component authenticates. Currently my

  • 0

I’m trying to wrap my head round how the auth component authenticates.

Currently my AppController looks something like this.

class AppController extends Controller 
{
    var $components = array('Auth', 'Session');

    function beforeFilter() 
    {
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    }
}

If I was to leave my login action completely empty, the auth component will still try to authenticate when the user reaches the login page.

Is this how it should be? Couldn’t this be a problem if it’s always trying to authenticate?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If the requested action is the action configured in AuthComponent::loginAction (UserController::login by default) and $this->data contains the fields configured in AuthComponent::userModel/AuthComponent::fields (User.username and User.password by default), the AuthComponent will try to authenticate the current user. It’ll automatically try this after Controller::beforeFilter was executed but before the requested action is called. If the login was successful (and any additional restrictions you may have applied in the AuthComponent configuration have cleared), it’ll redirect to where the user came from, otherwise it’ll execute the requested action as usual.

    So no, this won’t pose a problem, since it’ll only attempt authentication under these particular circumstances.

    • 0