Creating All User-Related Code; Authentication (Login and Logout); Authorization (who's allowed to access what) . Controller { // public function initialize() { $this->loadComponent('Flash'); to not require a login for all index() and view() actions, in every controller. You should not add the "login" action to allow list..