CakePHP User Authentication with Auth Component

When we talk about user authentication, it means there are two types of pages: those a user can access only after logging in, such as posting comments, and those a user is allowed to access without any prior login, such as the product browsing page. User authentication makes sure that if a user tries to access a page to which the application denies free access, the user is redirected to the login page and, after a successful login, brought back to the requested page. Cake provides a very simple and handy user authentication module called the Auth component to do this.

How does it work: the Auth component catches the request before it reaches the controller's beforeFilter and checks whether the page is allowed to be displayed.

Requirements: a users table with username and password as fields. These are the Cake defaults; they can be changed in the beforeFilter of the controller.

How to do it:

1. Add Auth to the component list of the controller in question. I prefer to do it in the App controller, as Auth is usually required throughout the application.
var $components = array('Auth');
2. Define the login and logout actions in users_controller.php
// Left empty on purpose: when the login form is POSTed to this action,
// the Auth component checks the credentials and performs the redirect itself.
function login()
{
}

function logout(){
	$this->Session->setFlash('Logout');
	// Auth->logout() clears the user from the session and returns the URL to redirect to.
	$this->redirect($this->Auth->logout());
}
3. A login view for the user in app/views/users/login.ctp
<?php
    echo $form->create('User', array('action' => 'login'));
    echo $form->input('username');
    echo $form->input('password');
    echo $form->end('Login');
?>
4. Settings in the beforeFilter of the controller where Auth is listed in the components (app_controller.php in my case).
function beforeFilter(){
	// loginAction defines the action used to log in. By default users/login.
	$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

	// loginRedirect defines the page the user is sent to after logging in for the first time.
	$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');

	// Allows the display action to be accessed without user login.
	$this->Auth->allow('display');
	// 'controller' mode: Auth asks the controller's isAuthorized() whether a logged-in user may run the action.
	$this->Auth->authorize = 'controller';
}
5. Defining Auth allows and denies. By default Auth restricts access to every action except the login and logout methods. You need to define individually in your controller which actions to allow. It can be cumbersome to list each action, so the magic word is '*':
$this->Auth->allow('*'); // allows every action in the controller.
6. Accessing the authorized user in controllers. Auth stores all the user information in the session, and it can be retrieved via:
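The 'controller' authorize mode from step 4 only works if the controller also provides an isAuthorized() callback, which the post does not show. The following is an added example, not code from the original post or from CakePHP itself: an AppController with a default rule plus a PostsController that overrides it with a per-record ownership check. It assumes CakePHP 1.2 and a hypothetical posts table with a user_id column.

```php
<?php
// Added example (not from the original post): the isAuthorized() callback that
// Auth->authorize = 'controller' calls for every action not in the allow list.
// Assumes a posts table with a user_id column (an assumption for this example).
class AppController extends Controller {
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
        $this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
        // Message shown when a logged-in user fails isAuthorized().
        $this->Auth->authError = 'You are not allowed to access that page.';
        $this->Auth->allow('display');   // public pages only; everything else stays denied
        // Auth calls $this->isAuthorized() after the login check has passed.
        $this->Auth->authorize = 'controller';
    }

    // Default rule: any logged-in user may run any non-allowed action.
    // Controllers override this to add per-record rules.
    function isAuthorized() {
        return true;
    }
}

class PostsController extends AppController {
    var $name = 'Posts';

    function isAuthorized() {
        // Browsing and creating posts need only a login.
        if (in_array($this->action, array('index', 'view', 'add'))) {
            return true;
        }
        // edit/delete: the first URL parameter is the post id, and the record
        // must belong to the logged-in user. A missing id or another owner is denied.
        if (in_array($this->action, array('edit', 'delete'))) {
            if (empty($this->params['pass'][0])) {
                return false;
            }
            $ownerId = $this->Post->field('user_id', array('Post.id' => $this->params['pass'][0]));
            return $ownerId !== false && $ownerId == $this->Auth->user('id');
        }
        // Anything not listed above is denied, so a new action is closed by default.
        return false;
    }
}
?>
```

Because the rule is evaluated on every request, a user who changes the id in /posts/edit/5 to someone else's post is refused before the action runs rather than after the form is rendered.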
$this->Auth->user(); // returns the User record information at the time of logging in
$this->Auth->user('id'); // when passed a field, this function returns the field value instead of whole array.
Pitfalls: the biggest pitfall of using Auth is the redirect. When a user submits a form whose action is in the denied list, the user is redirected to the login page and then on to the action page. By then all the form data is lost, as Auth DOES NOT preserve form or POST data. Reference: CakePHP Book