A simple way to do this is authenticate some other page, and set a cake session variable. Then protect your index by checking the variable, redirecting to the authentication page if not set. Though this may not be appropriate for your site.
Jeff On Sep 26, 11:03 am, bill2520 <[EMAIL PROTECTED]> wrote: > I have an action called index() that allows users to see their > personal information To keeps this info safe from hackers I want to > protect index() using requireAuth. The means that all my ways of > linking to index() have to use POST. This complicates the code and > leads to a clunky interface and/or javascript. POST is good for > submitting forms but for general site navigation it seems > inappropriate. > > I would rather be using GET. Yes, this would put the big, ugly > authentication key in the url. But there would be no security issue > because the key changes every time so no-one can use it to hijack the > session. > > The Cake manual says requireAuth doesn't check authorization on GET > requests for reasons of flexibility. With all due respect the > flexibility I would like to see is the ability to have requireAuth > work with GET. Am I crazy? How are other people doing this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
