Token Cookie Exposure Minimization Made Optional
The token cookie exposure minimization behavior is now configurable. Minimization requires two redirects at the start of each session: one to the authentication page, and one back. The token cookies are only sent by the browser on the authentication page, thereby minimizing their exposure.
Besides increasing initial site loading times, this may cause compatibility issues with other aspects of the CakePHP application. Therefore, it may be desirable to lose some security over increased usability.