I have resolved this (thanks to designvoid for pointing the way).
It was indeed due to secure cookies. As soon as the site steps out of SSL back
into non-SSL, the cookie (that had been created within SSL) was invisible.
The fix is to add this line:
Configure::write('Session.cookie_secure', 0);
...to /app/core.php Although it doesn't really matter, I added it directly
after this line:
Configure::write('Session.cookie', 'CAKEPHP');
...which is line 164 in 1.3
Jeremy Burns
[email protected]
On 6 May 2010, at 15:04, Jeremy Burns wrote:
> Thanks. Interestingly, the problem exists on Firefox, but not Safari. This
> suggests it could be a local cache issue (?) and I am investigating further.
>
> Jeremy Burns
> [email protected]
>
>
> On 6 May 2010, at 15:00, [email protected] wrote:
>
>> I may be wrong but IIRC there is some issue with secure/insecure
>> cookies when switching between http and https.
>>
>> I found the article a while back that discussed it, I'm sure a quick
>> google will turn it up.
>>
>> Also, I remebered there was a 'fix' that involved a slight change in
>> the core (ouch) or an alternative that involved creating a custom
>> session handler.
>>
>> It was a while ago, so I may be off base but as I said google is your
>> friend!
>>
>> t.
>>
>> On May 6, 12:19 pm, Jeremy Burns <[email protected]> wrote:
>>> I have a site that flicks to https for some actions, including when
>>> logging in. When it flicks back to http the Auth->user() variable is
>>> empty, so permissions are being denied incorrectly and the user is
>>> sent to the log in page. Any ideas for how to solve this? Are SSL and
>>> non-SSL sessions stored separately?
>>>
>>> Check out the new CakePHP Questions sitehttp://cakeqs.organd help others
>>> with their CakePHP related questions.
>>>
>>> You received this message because you are subscribed to the Google Groups
>>> "CakePHP" group.
>>> To post to this group, send email to [email protected]
>>> To unsubscribe from this group, send email to
>>> [email protected] For more options, visit this group
>>> athttp://groups.google.com/group/cake-php?hl=en
>>
>> Check out the new CakePHP Questions site http://cakeqs.org and help others
>> with their CakePHP related questions.
>>
>> You received this message because you are subscribed to the Google Groups
>> "CakePHP" group.
>> To post to this group, send email to [email protected]
>> To unsubscribe from this group, send email to
>> [email protected] For more options, visit this group at
>> http://groups.google.com/group/cake-php?hl=en
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others
> with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group at
> http://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
