Using CakePHP2.0 Beta I managed to write a custom login handler for my existing database schema. All’s well, except that upon logging in I printed out the session variables stored and what Cake’s Auth component did is store the entire record from the “Member” table (where my usernames+hashes come from) in session. It is storing an array with data fields that are totally irrelevant to the session. For instance it stores the date the member was created, their address, etc. All pretty useless information for me as I basically only need their ID and maybe username, name, email address.

The offending lines for me are found in: /lib/Cake/Controller/Component/AuthComponent.php line 512. It states,

$this->Session->write(self::$sessionKey, $user);

So my custom authenticate component returns $user and it throws this whole thing into the session. Now, I don’t want to go about editing in the core libraries because this project is definitely going to be upgraded when 2.0 comes out. Is there any way to store less information in sessions? I want to keep this whole thing more lightweight.

Possible solution: Change my custom authentication component to only return the fields I need into the $user variable. Are there any concerns about what data I should/shouldn’t be returning?