-- Andrew
On Mon, Apr 27, 2009 at 4:25 PM, Firas <firasw@gmail.com> wrote:
I want to join you in asking this question.
I'm not familiar with other posts, but I think that this is related to
the fact that session cookies created under SSL are only retrieved
when the client logs back in in SSL. In other words the php session
(or cake) cookies have the "secure" parameter set to true (if the
security level is set to "high". I looked at the code, and that
doesn't seem to be tweekable. I could be wrong). I want to log-in only
under SSL and redirect to non-SSL for the rest of the app. The problem
is that the a user session was created but was not sent back in the
cookie in the non-SSL requests. This is not a high priority issue for
me, but I REALLY would like to know how other users deal with this.
On Apr 26, 11:31 pm, "abarmstr...@gmail.com" <abarmstr...@gmail.com>
wrote:
> I have the Security component working and redirecting to my pages
> using the sample code in the book.
>
> function beforeFilter(){
> $this->Security->blackHoleCallback = 'forceSSL';
> $this->Security->requireSecure('login');
> }
>
> function forceSSL() {
> $this->redirect('https://' . $_SERVER['SERVER_NAME'] . $this->here);
> }
>
> What I am not seeing is some way to tell my app to redirect back to
> non-SSL requests once the user is logged in. Has anybody got any
> suggestions on the best way to accomplish this?
>
> I have also seen posts talking about seesions not working when
> switching between SSL and non-SSL requests. Is this still a problem? I
--
Andrew Armstrong
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment