I should add that the same problem exists in the opposite direction, meaning if you have code that forces http in the app_controller, it will fail if the page is cached.
This is a problem if you have a site where most of it is http and only one or two pages need to be https. You either live with people staying on https after they've visited the secure page, and robbing you of performance, or else you need to code a whole new layout just for the ssl page so that all outbound links have full paths with http in them. Or else you have to make your regular layout use only absolute paths in the first place. None of these is ideal. Surely someone has run into this problem and figured a clever workaround? On Nov 12, 8:04 pm, calzone <[email protected]> wrote: > So it looks like if you use this well documented method: > > $this->Security->blackHoleCallback = 'forceSSL'; > $this->Security->requireSecure(); > > And then implement caching on the page. People can access the cached > page through regular http. > > Is this by design? If not has anyone else run into this and found a > workaround that doesn't involve turning off caching for the page? -- You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/cake-php?hl=.
