Friday, November 22, 2013

Re: Strange redirect from http to https on login

We have found the solution. After sending user credentials, the login action was redirecting to users/index. That first redirect keeps the https protocol, but then in the index action we have some business logic to check the type of user and, based on that, redirect to the index action of controller A or controller B. We have included the logic directly in the login action, without redirecting to /users/index, and then the https protocol is not lost.

To summarize:

before:

1. user posts login data
2. Redirect to /users/index
3. Based on user role, redirect to controllerA/index or controllerB/index. Here there was an extra redirect to /users/index that was using http and not https (???). We don't know where this second redirect to users/index comes from.

David

On Thursday, November 21, 2013 22:03:58 UTC+1, dtemes wrote:

We have just installed a self-signed SSL cert on the Apache server and are doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https. Here are some Apache logs:

xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "POST /users/login HTTP/1.1" 302 596 "https://xxx.xxx.com/users/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 468 "https://xxx.xxx.com/users/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
xxx.xxx.com:80 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"


This is the auth config:

$this->Auth->authorize = 'Controller';
$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email', 'password' => 'password')));
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
$this->Auth->autoRedirect = false;


We are currently running cake 2.4.0
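
The pattern in the Apache log excerpt above (a redirect answered on port 443, then the same client arriving on port 80) can be detected mechanically. This Python example is added here and is not part of the original thread or of CakePHP; it assumes Apache's vhost_combined log layout, and the host name, client addresses and sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed layout (Apache vhost_combined), matching the excerpt in the post:
# vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    'app.example.test:443 192.0.2.10 - - [21/Nov/2013:12:45:24 -0800] "POST /users/login HTTP/1.1" 302 596 "https://app.example.test/users/login" "Mozilla/5.0"',
    'app.example.test:443 192.0.2.10 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 468 "https://app.example.test/users/login" "Mozilla/5.0"',
    'app.example.test:80 192.0.2.10 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 368 "-" "Mozilla/5.0"',
    'app.example.test:443 192.0.2.11 - - [21/Nov/2013:12:46:02 -0800] "GET /users HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip lines that are not in the assumed layout
    rec = m.groupdict()
    rec["port"], rec["status"] = int(rec["port"]), int(rec["status"])
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def find_downgrades(lines, window=timedelta(seconds=5)):
    """Return (request that was redirected on :443, request seen on :80) pairs
    for the same vhost, client and user agent within `window`."""
    last_tls_redirect = {}
    findings = []
    for rec in filter(None, map(parse, lines)):
        key = (rec["vhost"], rec["client"], rec["agent"])
        if rec["port"] == 443:
            if 300 <= rec["status"] < 400:
                last_tls_redirect[key] = rec  # remember the latest 3xx over TLS
            else:
                last_tls_redirect.pop(key, None)  # chain ended on HTTPS
        elif rec["port"] == 80 and key in last_tls_redirect:
            prev = last_tls_redirect.pop(key)
            if rec["time"] - prev["time"] <= window:
                findings.append((f'{prev["method"]} {prev["path"]}', f'{rec["method"]} {rec["path"]}'))
    return findings
```

Each pair names the HTTPS request whose redirect sent the browser to plain HTTP, which is the controller action to inspect. Any session cookie not marked Secure travels in clear text on that port 80 request.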

