What are the implications of using 'low' security in cakephp?

Question

I had an authentication problem in cakephp, when positing credentials from an external site the authentication would work, and then get immediately lost, with the site promp

Answer 1

When security is high, a new session ID get generated on every request. It is practically impossible to create a single-sign-on solution between two applications by sharing a session cookie in this case, since Cake will constantly change the session ID without notifying the other application.

When security is medium (or higher), session.referer_check is enabled.

When security is low, you don't have either of the above features, but it is still just as secure as any average PHP website/CMS out there.