I know that this method answers the question "Is the current session valid?", but I don't see why it would ever be invalid. I've read the source for this method, but I still don't get it. From what I can gather, it has to do with whether the session data has expired, but I'm not sure.

This may pertain to an older version of Cake because I don't see it in the latest docs, but it's in the version that I'm using.

+3  A: 

It would be invalid if you destroyed it. For example, you want to clear out all Session data for a logged-in user once they log out. The client may try to use the Session ID they have in their in-memory cookie on the next post to the server, but the server had already destroyed that session.

if ($this->Session->valid())
{
    $this->Session->destroy();
    $this->redirect('/');
}

Another would be if the session timed out on the server and/or the client tried to sync with the server using a bad/false session ID.

Nissan Fan
But if you destroy the session, shouldn't the server tell the browser to clear the session key from its cookies? If the browser sends back a destroyed session key, that would only be because of a race condition, no?
allyourcode
A: 

It might be invalid if the user agent changed between requests (if checking is enabled) or if the session expired.

niteria
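
The three cases raised in the answers above (destroyed session, expired session, changed user agent) can be seen side by side in a simplified model. This is an added example, not CakePHP's source and not code from either answerer; the function name `sessionStatus`, the `$store` layout and all sample values are assumptions made for illustration.

```php
<?php
// Simplified model of a server-side session validity check.
// $store stands in for server-side session storage (hypothetical layout).
function sessionStatus(array $store, ?string $sessionId, string $userAgent,
                       int $now, bool $checkAgent = true): string
{
    // Case 1: the id was never issued, or the server already destroyed it.
    if ($sessionId === null || !isset($store[$sessionId])) {
        return 'invalid: unknown or destroyed session id';
    }
    $config = $store[$sessionId];

    // Case 2: the session timed out on the server.
    if ($now > $config['expires']) {
        return 'invalid: session expired';
    }

    // Case 3: the user agent differs from the one recorded when the
    // session was created (only when agent checking is enabled).
    $agentHash = hash('sha256', $userAgent);
    if ($checkAgent && !hash_equals($config['agentHash'], $agentHash)) {
        return 'invalid: user agent changed';
    }
    return 'valid';
}

// Constructed sample data: one live session and one that has timed out.
$now   = 1700000000;
$agent = 'Mozilla/5.0 (sample browser)';
$store = [
    'abc123' => ['expires' => $now + 600, 'agentHash' => hash('sha256', $agent)],
    'old456' => ['expires' => $now - 60,  'agentHash' => hash('sha256', $agent)],
];

echo sessionStatus($store, 'abc123', $agent, $now), "\n";               // same browser
echo sessionStatus($store, 'abc123', 'curl/8.0 (sample)', $now), "\n";  // different agent
echo sessionStatus($store, 'old456', $agent, $now), "\n";               // timed out
echo sessionStatus($store, 'zzz999', $agent, $now), "\n";               // id never issued

// Logout: the server destroys its copy. A client that still sends the old
// id (stale cookie, replayed request) no longer matches any session.
unset($store['abc123']);
echo sessionStatus($store, 'abc123', $agent, $now), "\n";
```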
