I have a workaround using a cookie to solve the loss of the session but I still have not implemented anything to automagically redirect the user back to non-SSL requests. I am looking for an elegant solution if anybody out there has one.
-- Andrew On Mon, Apr 27, 2009 at 4:25 PM, Firas <[email protected]> wrote: > > I want to join you in asking this question. > > I'm not familiar with other posts, but I think that this is related to > the fact that session cookies created under SSL are only retrieved > when the client logs back in in SSL. In other words the php session > (or cake) cookies have the "secure" parameter set to true (if the > security level is set to "high". I looked at the code, and that > doesn't seem to be tweekable. I could be wrong). I want to log-in only > under SSL and redirect to non-SSL for the rest of the app. The problem > is that the a user session was created but was not sent back in the > cookie in the non-SSL requests. This is not a high priority issue for > me, but I REALLY would like to know how other users deal with this. > > On Apr 26, 11:31 pm, "[email protected]" <[email protected]> > wrote: > > I have the Security component working and redirecting to my pages > > using the sample code in the book. > > > > function beforeFilter(){ > > $this->Security->blackHoleCallback = 'forceSSL'; > > $this->Security->requireSecure('login'); > > } > > > > function forceSSL() { > > $this->redirect('https://' . $_SERVER['SERVER_NAME'] . > $this->here); > > } > > > > What I am not seeing is some way to tell my app to redirect back to > > non-SSL requests once the user is logged in. Has anybody got any > > suggestions on the best way to accomplish this? > > > > I have also seen posts talking about seesions not working when > > switching between SSL and non-SSL requests. Is this still a problem? I > > > -- Andrew Armstrong --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
