Configuration setting 'Security.level' in CakePHP 2.x still used?

Question

I can't find any reference to the Security.level configuration setting from Cake 1.3 in the CakePHP 2.2 manual.

I also can't find any reference to this setting in the migration guide.

This setting had a big impact on the session timer in Cake 1.3.

Security.level

The level of CakePHP security. The session timeout time defined in ‘Session.timeout’ is multiplied according to the settings here.

'high' = x 10 'medium' = x 100 'low' = x 300 'high' and 'medium' also enable session.referer_check

Has this setting in the config.php of an application been removed in CakePHP 2.x?

Answer 1

No the setting has not been removed

It still exists in core.php

/**
 * The level of CakePHP security.
 */
Configure::write('Security.level', 'medium');

But...

It's not used in 2.x.

The only reference to this setting is in Security::inactiveMins - which isn't called by anything else. Therefore, while there is still an artefact of this setting left over in 2.x, the intention of this setting has been removed and hence it's not in the 2.x docs.