I've been working with CakePHP 2.3 for a little while now and I've seen a lot of people using $this->Session->read('Auth.User.id'), especially in views.
I'm however wondering how secure that is. Should you not create in the AppController something like
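    public function beforeRender() {
        // empty() cannot take a method call directly before PHP 5.5
        $user = $this->Auth->user();
        if (!empty($user)) {
            // Expose the logged-in user's data to the view
            $this->set('authUser', $user);
        }
    }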
to check the user in your views? I can't find any clarification about this in the manual or elsewhere. Is Session secure enough to be counted on?