CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Real-Time Notifications? You Might Not Need WebSockets

Written by Arodriguez on December 19, 2025
38 VIEWS

This article is part of the CakeDC Advent Calendar 2025 (December 20th 2025)

As PHP developers, when we hear "real-time," our minds immediately jump to WebSockets. We think of complex setups with Ratchet, long-running server processes, and tricky Nginx proxy configurations. And for many applications (like live chats or collaborative editing) WebSockets are absolutely the right tool.

But, if you don't need all that complexity or if you just want to push data from your server to the client? Think of a new notification, a "users online" counter, or a live dashboard update. For these one-way-street use cases, WebSockets are often overkill.

Enter Server-Sent Events (SSE). It's a simple, elegant, and surprisingly powerful W3C standard that lets your server stream updates to a client over a single, long-lasting HTTP connection.

SSE vs. WebSockets: The Showdown

The most important difference is direction.

  • WebSockets (WS): Bidirectional. The client and server can both send messages to each other at any time. It's a two-way conversation.
  • Server-Sent Events (SSE): Unidirectional. Only the server can send messages to the client. It's a one-way broadcast.

This single difference has massive implications for simplicity and implementation.

Feature Server-Sent Events (SSE) WebSockets (WS)
Direction Unidirectional (Server ➔ Client) Bidirectional (Client ⟺ Server)
Protocol Just plain HTTP/S A new protocol (ws://, wss://)
Simplicity High. simple API, complex ops at scale Low. Requires a special server.
Reconnection Automatic! The browser handles it. Manual. You must write JS to reconnect.
Browser API Native EventSource object. Native WebSocket object.
Best For Notifications, dashboards, live feeds. Live chats, multiplayer games, co-editing.

Pros for SSE:

  • It's just HTTP. No new protocol, no special ports.
  • Automatic reconnection is a life-saver.
  • The server-side implementation can be a simple controller action.

Cons for SSE:

  • Strictly one-way. The client can't send data back on the same connection.
  • Some older proxies or servers might buffer the response, which can be tricky.

Infrastructure Note:

Since SSE keeps a persistent connection open, each active client will occupy one PHP-FPM worker. For high-traffic applications, ensure your server is configured to handle the concurrent load or consider a non-blocking server like RoadRunner. Additionally, using HTTP/2 is strongly recommended to bypass the 6-connection-per-domain limit found in older HTTP/1.1 protocols

The Implementation: A Smart, Reusable SSE System in CakePHP

We're not going to build a naive while(true) loop that hammers our database every 2 seconds. That's inefficient.

Instead, we'll build an event-driven system. The while(true) loop will only check a cache key. This is lightning-fast. A separate "trigger" class will update that cache key's timestamp only when a new notification is actually created.

This design is clean, decoupled, and highly performant.

Note:

This example uses CakePHP, but the principles (a component, a trigger, and a controller) can be adapted to any framework like Laravel or Symfony.

1. The Explicit SseTrigger Class

First, we need a clean, obvious way to "poke" our SSE stream. We'll create a simple class whose only job is to update a cache timestamp. This is far better than a "magic" Cache::write() call hidden in a model.

src/Sse/SseTrigger.php

<?php
namespace App\Sse;

use Cake\Cache\Cache;

/**
 * Provides an explicit, static method to "push" an SSE event.
 * This simply updates a cache key's timestamp, which the
 * SseComponent is watching.
 */
class SseTrigger
{
    /**
     * Pushes an update for a given SSE cache key.
     *
     * @param string $cacheKey The key to "touch".
     * @return bool
     */
    public static function push(string $cacheKey): bool
    {
        // We just write the current time. The content doesn't
        // matter, only the timestamp.
        return Cache::write($cacheKey, microtime(true));
    }
}

CRITICAL PERFORMANCE WARNING: The PHP-FPM Bottleneck

In a standard PHP-FPM environment, each SSE connection is synchronous and blocking. This means one active SSE stream = one locked PHP-FPM worker.

If your max_children setting is 50, and 50 users open your dashboard, your entire website will stop responding because there are no workers left to handle regular requests.

How to mitigate this:

Dedicated Pool: Set up a separate PHP-FPM pool specifically for SSE requests.

Go Asynchronous: Use a non-blocking server like RoadRunner, Swoole or FrankenPHP. These can handle thousands of concurrent SSE connections with minimal memory footprint.

HTTP/2: Always serve SSE over HTTP/2 to bypass the browser's 6-connection limit per domain.

2. The SseComponent (The Engine)

This component encapsulates all the SSE logic. It handles the loop, the cache-checking, the CallbackStream, and even building the final Response object. The controller will be left perfectly clean.

To handle the stream, we utilize CakePHP's CallbackStream. Unlike a standard response that sends all data at once, CallbackStream allows us to emit data in chunks over time. It wraps our while(true) loop into a PSR-7 compliant stream, enabling the server to push updates to the browser as they happen without terminating the request.

src/Controller/Component/SseComponent.php

<?php
namespace App\Controller\Component;

use Cake\Controller\Component;
use Cake\Http\CallbackStream;
use Cake\Cache\Cache;
use Cake\Http\Response;

class SseComponent extends Component
{
    protected $_defaultConfig = [
        'poll' => 2, // How often to check the cache (in seconds)
        'eventName' => 'message', // Default SSE event name
        'heartbeat' => 30, // Keep-alive to prevent proxy timeouts
    ];

    /**
     * Main public method.
     * Builds the stream and returns a fully configured Response.
     */
    public function stream(callable $dataCallback, string $watchCacheKey, array $options = []): Response
    {
        $stream = $this->_buildStream($dataCallback, $watchCacheKey, $options);

        // Get and configure the controller's response
        $response = $this->getController()->getResponse();
        $response = $response
            ->withHeader('Content-Type', 'text/event-stream')
            ->withHeader('Cache-Control', 'no-cache')
            ->withHeader('Connection', 'keep-alive')
            ->withHeader('X-Accel-Buffering', 'no') // For Nginx: disable response buffering
            ->withBody($stream);

        return $response;
    }

    /**
     * Protected method to build the actual CallbackStream.
     */
    protected function _buildStream(callable $dataCallback, string $watchCacheKey, array $options = []): CallbackStream
    {
        $config = $this->getConfig() + $options;

        return new CallbackStream(function () use ($dataCallback, $watchCacheKey, $config) {

            set_time_limit(0); 
            $lastSentTimestamp = null; 
            $lastHeartbeat = time();

            while (true) {
                if (connection_aborted()) {
                    break;
                }

                // 1. THE FAST CHECK: Read the cache.
                $currentTimestamp = Cache::read($watchCacheKey);

                // 2. THE COMPARE: Has it been updated?
                if ($currentTimestamp > $lastSentTimestamp) {

                    // 3. THE SLOW CHECK: Cache is new, so run the data callback.
                    $data = $dataCallback(); 

                    // 4. THE PUSH: Send the data.
                    echo "event: " . $config['eventName'] . "\n";
                    echo "data: " . json_encode($data) . "\n\n";

                    $lastSentTimestamp = $currentTimestamp; 
                    $lastHeartbeat = time();

                } else if (time() - $lastHeartbeat > $config['heartbeat']) {
                    // 5. THE HEARTBEAT: Send a comment to keep connection alive.
                    echo ": \n\n"; 
                    $lastHeartbeat = time();
                }

                if (ob_get_level() > 0) {
                    ob_flush();
                }
                flush();

                // Wait before the next check
                sleep($config['poll']);
            }
        });
    }
}

3. Connecting the Logic (Model & Controller)

First, we use our SseTrigger in the afterSave hook of our NotificationsTable. This makes it clear: "After saving a notification, push an update."

src/Model/Table/NotificationsTable.php (Partial)

use App\Sse\SseTrigger; // Don't forget to import!

public function afterSave(EventInterface $event, Entity $entity, ArrayObject $options)
{
    // Check if the entity has a user_id
    if ($entity->has('user_id') && !empty($entity->user_id)) {

        // Build the user-specific cache key
        $userCacheKey = 'notifications_timestamp_user_' . $entity->user_id;

        // Explicitly trigger the push!
        SseTrigger::push($userCacheKey);
    }
}

Now, our controller action becomes incredibly simple. Its only jobs are to get the current user, define the data callback, and return the component's stream.

src/Controller/NotificationsController.php

<?php
namespace App\Controller;

use App\Controller\AppController;
use Cake\Http\Exception\ForbiddenException;

class NotificationsController extends AppController
{
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('Sse');
        $this->loadComponent('Authentication.Authentication'); 
    }

    public function stream()
    {
        $this->autoRender = false;

        // 1. Get authenticated user
        $identity = $this->Authentication->getIdentity();
        if (!$identity) {
            throw new ForbiddenException('Authentication required');
        }

        // 2. Define user-specific parameters
        $userId = $identity->get('id');
        $userCacheKey = 'notifications_timestamp_user_' . $userId;

        // 3. Define the data callback (what to run when there's an update)
        $dataCallback = function () use ($userId) {
            return $this->Notifications->find()
                ->where(['user_id' => $userId, 'read' => false]) 
                ->order(['created' => 'DESC'])
                ->limit(5)
                ->all();
        };

        // 4. Return the stream. That's it!
        return $this->Sse->stream(
            $dataCallback, 
            $userCacheKey, 
            [
                'eventName' => 'new_notification', // Custom event name for JS
                'poll' => 2
            ]
        );
    }
}

4. The Frontend (The Easy Part)

Thanks to the native EventSource API, the client-side JavaScript is trivial. No libraries. No complex connection management.

<script>
    // 1. Point to your controller action
    const sseUrl = '/notifications/stream';
    const eventSource = new EventSource(sseUrl);

    // 2. Listen for your custom event
    eventSource.addEventListener('new_notification', (event) => {
        console.log('New data received!');
        const notifications = JSON.parse(event.data);

        // Do something with the data...
        // e.g., update a <ul> list or a notification counter
        updateNotificationBell(notifications);
    });

    // 3. (Optional) Handle errors
    eventSource.onerror = (error) => {
        console.error('EventSource failed:', error);
        // The browser will automatically try to reconnect.
    };

    // (Optional) Handle the initial connection
    eventSource.onopen = () => {
        console.log('SSE connection established.');
    };
</script>

Ideas for Your Projects

You can use this exact pattern for so much more than just notifications:

  • Live Admin Dashboard: A "Recent Sales" feed or a "Users Online" list that updates automatically.
  • Activity Feeds: Show "John recently commented..." in real-time.
  • Progress Indicators: For a long-running background process (like video encoding), push status updates ("20% complete", "50% complete", etc.).
  • Live Sports Scores: Push new scores as they happen.
  • Stock or Crypto Tickers: Stream new price data from your server.

When NOT to Use SSE: Know Your Limits

While SSE is an elegant solution for many problems, it isn't a silver bullet. You should avoid SSE and stick with WebSockets or standard Polling when:

  • True Bidirectional Communication is Required: If your app involves heavy "back-and-forth" (like a fast-paced multiplayer game or a collaborative whiteboarding tool), WebSockets are the correct choice.
  • Binary Data Streams: SSE is a text-based protocol. If you need to stream raw binary data (like audio or video frames), WebSockets or WebRTC are better suited.
  • Legacy Browser Support (IE11): If you must support older browsers that lack EventSource and you don't want to rely on polyfills, SSE will not work.
  • Strict Connection Limits: If you are on a restricted shared hosting environment with very few PHP-FPM workers and no support for HTTP/2, the persistent nature of SSE will quickly exhaust your server's resources.

Conclusion

WebSockets are a powerful tool, but they aren't the only tool. For the wide array of use cases that only require one-way, server-to-client communication, Server-Sent Events are a simpler, more robust, and more maintainable solution.

It integrates perfectly with the standard PHP request cycle, requires no extra daemons, and is handled natively by the browser.

So the next time you need real-time updates, ask yourself: "Do I really need a two-way conversation?" If the answer is no, give SSE a try.

This article is part of the CakeDC Advent Calendar 2025 (December 20th 2025)

Latest articles

59 Views

QA vs. Devs: a MEME tale of the IT environment

QA testing requires knowledge in computer science but still many devs think of us like  homer-simpson-meme   BUT... morpheus-meme   It is not like we want to detroy what you have created but... house-on-fire-meme   And we have to report it, it is our job... tom-and-jerry-meme   It is not like we think dev-vs-qa   I mean cat-meme   Plaeas do not consider us a thread :) willy-wonka-meme 0/0/0000 reaction-to-a-bug   Sometimes we are kind of lost seeing the application... futurama-meme   And sometimes your don't believe the crazy results we get... ironman-meme   I know you think aliens-meme   But remmember we are here to help xD the-office-meme   Happy Holidays to ya'll folks! the-wolf-of-wallstreet-meme   PS. Enjoy some more memes   feature-vs-user   hide-the-pain-harold-meme   idea-for-qa   peter-parker-meme   meme   dev-estimating-time-vs-pm    

Written by Rcardoso on December 17, 2025

76 Views

The Inflector (Or why CakePHP speaks better English than me)

This article is part of the CakeDC Advent Calendar 2025 (December 18th 2025) I have been working with CakePHP for more than 15 years now. I love the conventions. I also love that I don't have to configure every single XML file, like in the old Java days. But let's be honest: as a Spanish native speaker, naming things in English can sometimes be a nightmare. In Spanish, life is simple. You have a Casa (house), you add an "s", you have Casas (houses). You have a Camión (truck), you add "es", you have Camiones (trucks). Logic! But in English? You have a mouse, and suddenly you have mice. You have a person, and it becomes people. You have a woman and it becomes women. This is why the Inflector class is not just a utility for me. It is my personal English teacher living inside the /vendor folder.

It covers my back

When I started with CakePHP 15 years ago, I was always scared to name a database table categories. I was 100% sure that I would break the framework because I would name the model Categorys or something wrong. But! CakePHP knows better. It knows irregular verbs and weird nouns better than I do. use Cake\\Utility\\Inflector; // The stuff I usually get right echo Inflector::pluralize('User'); // Users // The stuff I would definitely get wrong without coffee echo Inflector::pluralize('Person'); // People echo Inflector::pluralize('Child'); // Children

Variable Naming (CamelCase vs underscore)

The other battle I have fought for 15 years is the variable naming convention. Is it camelCase? Is it PascalCase? Is it underscore_case? My brain thinks in Spanish, translates to English, and then tries to apply PSR-12 standards. It is a lot of processing power. Fortunately, when I am building dynamic tools, I just let the Inflector handle the formatting: // Converting my database column to a nice label echo Inflector::humanize('published_date'); // Output: Published Date // Converting a string to a valid variable name echo Inflector::variable('My Client ID'); // Output: myClientId

When Spanglish happens

Of course, after so many years, sometimes a Spanish word slips into the database schema. It happens to the best of us. If I create a table called alumnos (students), CakePHP tries its best, but it assumes it is English.
Inflector::singularize('alumnos') -> Alumno (It actually works! Lucky.)
But sometimes it fails funny. If I have a Jamon (Ham), Cake thinks the plural is Jamons. So, for those rare moments where my English fails, I can teach the Inflector a bit of Spanish in bootstrap.php: Inflector::rules('plural', \[ '/on$/i' \=\> 'ones' // Fixing words ending in 'on' like Cajon, Jamon... \]);

Conclusion

We talk a lot about the ORM, Dependency Injection, and Plugins. Today however, I wanted to say "Gracias" to the humble Inflector. It has saved me from typos and grammar mistakes since 2008. Challenge for today: Go check your code. Are you manually formatting strings? Stop working so hard and let the Inflector do it for you. This article is part of the CakeDC Advent Calendar 2025 (December 18th 2025)

Written by Ajibarra on December 16, 2025

78 Views

Uploading Files with CakePHP and Uppy directly to Amazon S3

Uploading Files with CakePHP and Uppy: Direct to S3

Modern web applications increasingly require fast, resilient, and user‑friendly file uploads. Whether it’s profile photos, documents, or large media files, users expect progress indicators, drag‑and‑drop, and reliable uploads even on unstable connections. In this article, we’ll look at how to combine CakePHP on the backend with Uppy on the frontend, and how to upload files directly to Amazon S3 using signed requests.

Why Uppy for Direct S3 Uploads??

Uppy is a modular JavaScript file uploader built by the team behind Transloadit. It provides a polished upload experience out of the box and integrates well with modern backends.

Key advantages

  • Direct-to-Cloud Uploads: File data flows directly from the user's browser to the S3 bucket, without passing through your CakePHP server.
    • Lower Server Load and Cost: Your server only generates a short-lived, secure pre-signed URL. The actual file transfer avoids the “double handling,” drastically reducing your application's bandwidth consumption and infrastructure footprint.
    • Better Performance: By eliminating your application server as a middleman, uploads complete faster. Uppy can also utilize S3's multipart upload capabilities for improved throughput and reliability for large files.
  • Excellent UX: Drag-and-drop support, progress bars, previews, and retry support.
  • Modular Architecture: Only load the necessary plugins.
  • Framework‑agnostic: Works seamlessly with CakePHP.

Architecture Overview

  • This scalable and production-friendly approach uses the following flow:
  • The browser initializes Uppy.
  • CakePHP provides temporary S3 credentials or signed URLs (Authorization).
  • Uppy uploads files directly to S3 (Data Transfer).
  • CakePHP stores metadata (filename, path, size, etc.) if needed (Database Record).

Architecture Overview

This scalable and production-friendly approach uses the following flow:
  1. The browser initializes Uppy
  2. CakePHP provides temporary S3 credentials or signed URLs (Authorization)
  3. Uppy uploads files directly to S3 (Data Transfer).
  4. CakePHP stores metadata (filename, path, size, etc.) if needed (Database Record).

Prerequisites

  • CakePHP 5.x (or 4.x with minor adjustments)
  • AWS account with an S3 bucket
  • AWS SDK for PHP
  • A modern browser to use Uppy's MJS modules

Installing Dependencies

Backend (CakePHP)

Install the required AWS SDK for PHP via Composer: composer require aws/aws-sdk-php Configure your AWS credentials (environment variables recommended): AWS_ACCESS_KEY_ID=your-key AWS_SECRET_ACCESS_KEY=your-secret AWS_REGION=eu-west-1 AWS_BUCKET=your-bucket-name

Frontend (Uppy)

Instead of a build step, we will use Uppy's modular JS files directly from a Content Delivery Network (CDN), which is simpler for many CakePHP applications. We will load the required modules—Uppy, Dashboard, and AwsS3—directly within the <script type="module"> tag in your view.

Creating the CakePHP Endpoint

We need a CakePHP endpoint to securely generate and return the necessary S3 upload parameters (the pre-signed URL) to the browser.

Controller

// src/Controller/UploadsController.php namespace App\Controller; use Aws\S3\S3Client; use Cake\Http\Exception\UnauthorizedException; class UploadsController extends AppController { public function sign() { $this->getRequest()->allowMethod(['post']); // 1. Initialize S3 Client using credentials from environment $s3Client = new S3Client([ 'version' => 'latest', 'region' => env('AWS_REGION'), 'credentials' => [ 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), ], ]); // Define a unique path with a placeholder for the actual filename $path = 'uploads/' . uniqid() . '/${filename}'; // 2. Create the command for a PutObject request $command = $s3->getCommand('PutObject', [ 'Bucket' => env('AWS_BUCKET');, 'Key' => $path, 'ACL' => 'private', 'ContentType' => '${contentType}', ]); // 3. Generate the pre-signed URL (valid for 15 minutes) $presignedRequest = $s3->createPresignedRequest($command, '+15 minutes'); $this->set([ 'method' => 'PUT', 'url' => (string)$presignedRequest->getUri(), '_serialize' => ['method', 'url'], ]); } } Add a route: // config/routes.php $routes->post('/uploads/s3-sign', ['controller' => 'Uploads', 'action' => 'sign']);

Frontend: Initializing Uppy and the S3 Plugin

Place the following code in your CakePHP view along with the HTML container for the uploader: <div id="uploader"></div> <script type="module"> // Load Uppy modules directly from CDN (v5.2.1 example) import { Uppy, Dashboard, AwsS3 } from 'https://releases.transloadit.com/uppy/v5.2.1/uppy.min.mjs' const uppy = new Uppy({ autoProceed: false, restrictions: { maxNumberOfFiles: 5, allowedFileTypes: ['image/*', 'application/pdf'], }, }) uppy.use(Dashboard, { inline: true, target: '#uploader', }) // Configure the AwsS3 plugin to fetch parameters from the CakePHP endpoint uppy.use(AwsS3, { async getUploadParameters(file) { const response = await fetch('/uploads/s3-sign', { method: 'POST', headers: { 'Content-Type': 'application/json', }, }) const data = await response.json() // 2. Return the parameters Uppy needs for the direct upload return { method: data.method, url: data.url, headers: { 'Content-Type': file.type, }, } }, }) uppy.on('complete', (result) => { console.log('Upload complete:', result.successful) }) </script>

Storing File Metadata (Optional but Recommended)

Once the direct S3 upload is successful, you must notify your CakePHP application to save the file's metadata (e.g., the S3 key) in your database. uppy.on('upload-success', (file, response) => { fetch('/files/save', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ name: file.name, size: file.size, type: file.type, s3_key: response.uploadURL, }), }) })

Security Considerations

Remember to implement robust security checks in your sign controller action:
  • Authenticate users: Ensure the user is logged in and authorized before issuing S3 parameters.
  • Restrict Input: Restrict allowed MIME types and maximum file size.
  • Access Control: Use private S3 buckets and serve files via signed URLs to maintain security.
  • Time Limit: Set short expiration times for the pre-signed requests (e.g., the +15 minutes in the example).

Conclusion

Combining CakePHP and Uppy gives you the best of both worlds: a robust PHP backend and a modern, user‑friendly upload experience. By uploading directly to Amazon S3, you reduce server load, successfully reduce server load, improve scalability, and ensure reliable, fast large file uploads. This setup allows your backend to focus on validation, authorization, and business logic rather than raw data transfer.

Written by Areveron on December 15, 2025

We Bake with CakePHP