CakePHP REST webservice and authentication, how to handle

I've followed the guide about authentication in CAKEPHP http://www.google.com/url?sa=D&q=http://book.cakephp.org/view/1250/Authentication

And I followed the guide on how to set REST webservice: http://book.cakephp.org/view/1239/The-Simple-Setup

This is exactly my app_controller:

class AppController开发者_开发问答 extends Controller {
    var $components = array('DebugKit.Toolbar', 'Session', 'Auth');
    var $helpers = array('Html','Javascript', 'Session', 'Ajax', 'Facebook.Facebook');

    function beforeFilter()
    {
        // importa modello Season
        $this->Season = ClassRegistry::init('Season');

        // ricava la variabile di sessione
        $id = $this->Session->read('editable_season_id');

        // verifica se tale id è esistente
        $exist = $this->Season->exist($id);

        // se non esiste o è un valore non valido o è nullo
        if((is_null($id)) || (!is_numeric($id) || (!$exist)))
        {    
            // cerca l'id della stagione più recente
            $id = $this->Season->getLastSeasonId();

            // se esiste assegnalo ad una var di sessione
            if($id)
            {
                $this->Session->write("editable_season_id", $id);
                $title = $this->Season->getSeasonName($id);
                $this->Session->write("editable_season_title", $title);
                $this->redirect($this->referer());
            } else { // altrimenti lancia errore
                $seasons = $this->Season->getSeasons();
                $this->cakeError('defaultSesonNotFound', array('seasons' => $seasons));
            }       
        }
     }
}

Now in every controllers I overwrite beforeFilter function, and allow some action. For example I want to share my REST with everyone, so in my controller:

function beforeFilter()    {
   parent::beforeFilter();
   $this->Auth->allow('showMatchesBySeasonId', 'matchDetails', 'view');
}

where view is the name of my REST service. The first time I call VIEW function I will redirected to the login action. If I call again VIEW it will be executed without problem and info is showed, and there will be no problem until a cookie named "CAKEPHP" will be stored in my computer (if I flush memory cache there will be the same problem). Why? How can I avoid this behavior?

Regards!

I've noticed issues like this happening with the Session component. Try using Cookie instead.

class AppController extends Controller {
    var $components = array('DebugKit.Toolbar', 'Cookie', 'Auth');
    var $helpers = array('Html','Javascript', 'Ajax', 'Facebook.Facebook');

    function beforeFilter()
    {
        // importa modello Season
        $this->Season = ClassRegistry::init('Season');

        // ricava la variabile di sessione
        $id = $this->Cookie->read('editable_season_id');

        // verifica se tale id è esistente
        $exist = $this->Season->exist($id);

        // se non esiste o è un valore non valido o è nullo
        if((is_null($id)) || (!is_numeric($id) || (!$exist)))
        {    
            // cerca l'id della stagione più recente
            $id = $this->Season->getLastSeasonId();

            // se esiste assegnalo ad una var di sessione
            if($id)
            {
                $this->Cookie->write("Season.editable_id", $id);
                $title = $this->Season->getSeasonName($id);
                $this->Cookie->write("Season.editable_title", $title);
                $this->redirect($this->referer());
            } else { // altrimenti lancia errore
                $seasons = $this->Season->getSeasons();
                $this->cakeError('defaultSesonNotFound', array('seasons' => $seasons));
            }       
        }
     }
}

Also, you'll notice that I set your Cookie->write() key to "Season.editable_id". You can use sesssion/cookie as a multi-dimensional array using the ".". I find it better practice so that you're not overwriting key/val pairs.