Hello, I am trying to set up CakePHP as a REST backend (with login auth) for an Ionic (Angular) app.

OK, I configured CakePHP like this setup tutorial, and for example I get data like this:

public function projects()
{
    // Fetch all projects and let RequestHandler serialize them as JSON.
    $projects = $this->Projects->find('all');
    $this->set([
        'projects' => $projects,
        '_serialize' => ['projects']
    ]);
}

and fetch the data via $http in Ionic.

This works perfectly, but I am trying to configure Cake auth for the mobile client.

I don't know how to do this. In my Resttest controller I wrote code that sets a session ID for the Ionic app, but Ionic does not cache this session, and I think my CakePHP code is wrong.

CakePHP controller:

<?php
namespace App\Controller;

use App\Controller\AppController;

class ResttestController extends AppController
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadModel('Projects');
        $this->loadModel('Task');
        $this->loadModel('User');
        $this->viewBuilder()->layout(false);
        // NOTE: a wildcard origin cannot be combined with cookie/session auth:
        // browsers refuse to send credentials to "*", so the Ionic app never keeps the session.
        $this->response->header('Access-Control-Allow-Origin', '*');
        $this->loadComponent('Auth', [
            'loginAction' => [
                'controller' => $this->name,
                'action' => 'login',
            ],
            'authorize' => ['Controller'],
        ]);
    }

    public function login()
    {
        // Send CORS headers through the Cake response rather than PHP's header().
        $this->response->header('Access-Control-Allow-Headers', 'Content-Type, x-xsrf-token');
        $this->response->header('Access-Control-Allow-Methods', 'POST, OPTIONS');

        $response = ['success' => 0, 'msg' => 'n'];   // default: not authenticated

        if ($this->Auth->user()) {
            $response = ['success' => 2, 'msg' => 'logged After'];
        } elseif ($this->request->is('post')) {
            $d = json_decode(file_get_contents('php://input'));

            // json_decode() returns null on malformed input, so guard before dereferencing.
            if (is_object($d) && !empty($d->password) && !empty($d->login)) {
                $u = $this->User->find()
                    ->where(['email' => $d->login])
                    ->first();

                if ($u) {
                    // Recompute the bcrypt hash with the stored salt and compare it in
                    // constant time; a plain == comparison leaks timing information.
                    $input_password = crypt($d->password, '$2y$12$' . $u->salt);

                    if (hash_equals($u->password, $input_password)) {
                        $tok = $this->getToken();
                        $u->token = $tok;            // not persisted here, so it cannot be checked on later requests
                        $this->Auth->setUser($u);    // returns nothing in CakePHP 3

                        // Return only what the client needs; dumping $this->Auth, the request
                        // object and the server's request headers exposes internals.
                        $response = ['success' => 1, 'msg' => 'logged', 'token' => $tok];
                    }
                }
            }
        }

        $this->set([
            'response' => $response,
            '_serialize' => ['response']
        ]);
    }

    private function getToken()
    {
        // crypt() without a salt is deprecated and rand()/uniqid() are predictable;
        // use a CSPRNG instead (random_bytes() on PHP 7+, or Cake\Utility\Security::randomBytes()).
        return bin2hex(random_bytes(32));
    }

    public function testAuth()
    {
    }
}

This code returns the session and user data but does not work, and I think it is not a good method for mobile auth. Do you have any idea for auth with CakePHP? How can I make my code more secure?

1 Answer

When we split an application into a backend API and a frontend, we should consider the backend a stateless application. This means you can't use sessions for auth.

Instead you should implement auth/login and auth/register REST endpoints that will return some token, for example a JWT.

For cakephp2 you can easily find such a library: https://github.com/t73biz/cakephp2-jwt-auth

Use this authenticator instead of Form when you configure the Auth component. From the front-end side, pass the token as described in the plugin.
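Added example, not code from the question, the answer or the cakephp2-jwt-auth plugin: the stateless token flow the answer describes (login returns a signed token, later requests are checked against the token alone, no session) together with the password-check fixes the question asks about (`password_verify`, constant-time comparison, same reply for unknown user and wrong password). `issueToken`, `verifyToken`, `login`, the `$users` array and the `JWT_SECRET` environment variable are assumed names, and the user record is constructed. It is plain PHP with no framework dependency so it can be run on its own; in an application you would use a maintained JWT library or the plugin, and this block shows the checks such a library performs.

```php
<?php
declare(strict_types=1);

// Assumption: the signing key comes from server configuration, never from the request.
$SECRET = getenv('JWT_SECRET') ?: 'replace-with-a-long-random-secret';

function b64url(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64urlDecode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad) {
        $data .= str_repeat('=', 4 - $pad);
    }
    return base64_decode(strtr($data, '-_', '+/'), true) ?: '';
}

// Issue an HS256 JWT after a successful login. The payload is only encoded, not
// encrypted, so it carries just the user id and timestamps, nothing secret.
function issueToken(string $secret, int $userId, int $ttlSeconds = 3600): string
{
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode(['sub' => $userId, 'iat' => time(), 'exp' => time() + $ttlSeconds]));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

// Verify a token presented on a later request: pin the algorithm (the "alg" field in
// the token is never trusted to pick one), recompute the signature and compare it in
// constant time, and reject expired tokens. Returns the claims or null.
function verifyToken(string $secret, string $token): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = b64url(hash_hmac('sha256', "$h.$p", $secret, true));
    if (!hash_equals($expected, $s)) {
        return null;
    }
    $payload = json_decode(b64urlDecode($p), true);
    if (!is_array($payload) || !isset($payload['exp']) || $payload['exp'] < time()) {
        return null;
    }
    return $payload;
}

// Constructed sample user store; the hash is what password_hash() produced at sign-up.
$users = [
    'alice@example.com' => [
        'id'       => 42,
        'password' => password_hash('correct horse battery staple', PASSWORD_BCRYPT),
    ],
];

// The login endpoint's logic: the request body is JSON {"login": ..., "password": ...}.
function login(array $users, string $secret, string $rawBody): array
{
    $d = json_decode($rawBody, true);
    if (!is_array($d) || empty($d['login']) || empty($d['password'])) {
        return ['success' => 0, 'msg' => 'n'];
    }
    $u = $users[$d['login']] ?? null;
    // password_verify() reads the salt from the stored bcrypt hash and compares in constant time.
    if ($u === null || !password_verify((string) $d['password'], $u['password'])) {
        return ['success' => 0, 'msg' => 'n'];   // same reply for unknown user and wrong password
    }
    return ['success' => 1, 'token' => issueToken($secret, $u['id'])];
}

// Login, then check the token the way a protected endpoint would (Authorization: Bearer <token>).
$resp   = login($users, $SECRET, '{"login":"alice@example.com","password":"correct horse battery staple"}');
$claims = verifyToken($SECRET, $resp['token']);
assert($claims !== null && $claims['sub'] === 42);
assert(verifyToken($SECRET, $resp['token'] . 'x') === null);   // tampered signature is rejected
assert(login($users, $SECRET, '{"login":"alice@example.com","password":"wrong"}')['success'] === 0);
```

Because every protected request is validated from the token and the server secret alone, the backend keeps no per-client state, which is why the session that the question's controller tries to establish is not needed and why the wildcard `Access-Control-Allow-Origin` stops being a problem (no cookies are involved). The client stores the token and sends it in the `Authorization` header; the `exp` claim bounds how long a leaked token stays usable.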
