CakePHP session should not started on certain controller actions

1
votes

I am using session handling using Database. For some webservice calls using RequestHandler I want to stop auto session create for these some certain action of controller

My question: How can I stop auto session start in some actions of the controller? Please note that I defined Auth component in AppController. Is there any way stop session in action? Do I need to use $this->Session->destroy() in action?

Clarification

On each webservice call It creates a new session row in database. but I don't use any session feature in action.i.e. If anybody call 10 times a action it creates 10 sessions. I feel it will create database space and time overhead.

Apply New changes as suggested

Could not get proper result by using this

 // overwrite constructClasses() for remove session in certain actions
     public function constructClasses() {
         // remove the Session from components again here
         // either globally or for certain actions

         if (in_array($this->action,  array('test1','test2'))) {
            foreach($this->components as $key => $val){
                if($val =='Session'){
                   unset($this->components[$key]);
                }
            }    
         }
         parent::constructClasses();
     }

But still new session Id created on test1 0r test2 by API Call

// out put of below code.
function beforeFilter() {
    pr($this->components);     
}


Array
(
    [Cookie] => 
    [Auth] => Array
        (
            [loginAction] => Array
                (
                    [controller] => resources
                    [action] => login
                )


        [loginRedirect] => Array
            (
                [controller] => resources
                [action] => view
            )

        [logoutRedirect] => Array
            (
                [controller] => resources
                [action] => login
            )

        [authenticate] => Array
            (
                ......

            )

    )

[Security] => Array
    (
        [csrfExpires] => +1 hour
    )

[RequestHandler] => 




)
1
cakephpcakephp-2.0cakephp-2.1
"Do I need to use $this->Session->destroy() in action" => session not starting is not the same as destroying sessions.. What is your exact Cake Version? it cannot be 2.0 and 2.1 - mark
I have updated question - Amit Kumar Sharma

1 Answers

3
votes

The key is to not access the session in those actions. As long as you don't access it the session will not start itself.

So either try $this->Auth->allow() for those to prevent cake to check your Auth session, or remove the Auth component alltogether from this controller:

// overwrite constructClasses()
public function constructClasses() {
     // remove the Auth/Session from components again here
     // either globally or for certain actions
     if (in_array($this->action, $myListOfActions)) {
         // ...
     }
     parent::constructClasses();
}

Also make sure you don't read the session from your AppController callbacks (beforeFilter/render etc).

Either way, make sure nothing tries to look into the session. Also note, that there have been some recent improvements to prevent unnecessary session lookups in 2.3 regarding Auth AFAIK. You might want to try that if the above fails.

I would also advice you to separate your controller actions into real API ones and non-api ones. Don't mix those two! This avoids the action based separation you seem to be needing. Just have a webservice controller (session free) and a backend controller (user/session) etc. They can still share/use the same model.