#5811: Session component write function doesn't work in SSL
------------------------+---------------------------------------------------
Reporter: japicka | Owner:
Type: Bug | Status: reopened
Priority: High | Milestone: 1.2.x.x
Component: Session | Version: RC3
Severity: Major | Resolution:
Keywords: | Php_version: PHP 5
Cake_version: |
------------------------+---------------------------------------------------
Changes (by japicka):
* status: closed => reopened
* resolution: needmoreinfo =>
Comment:
This is the before Filter code
function beforeRender()
{
if (isset($this->requireSSL)) {
if (is_array($this->requireSSL)) {
if
(in_array($this->params['action'],$this->requireSSL)) {
$this->Ssl->force();
} else {
$this->Ssl->unforce();
}
} else {
$this->Ssl->unforce();
}
} else {
$this->Ssl->unforce();
}
if( $this->Session->check( 'message' ) )
{
$this->set( 'message', $this->Session->read(
'message' ) );
$this->Session->delete( 'message' );
}
}
This is the component
<?php
class SslComponent extends Object {
var $components = array('RequestHandler');
var $Controller = null;
function initialize(&$Controller) {
$this->Controller = $Controller;
}
function force() {
if(!$this->RequestHandler->isSSL()) {
$this->Controller->redirect('https://'.$this->__url());
}
}
function unforce() {
if($this->RequestHandler->isSSL()) {
$this->Controller->redirect('http://'.$this->__urll());
}
}
function __urll() {
$port = env('SERVER_PORT') == 443 ? '' :
':'.env('SERVER_PORT');
return env('SERVER_NAME').$port.env('REQUEST_URI');
}
function __url() {
$port = env('SERVER_PORT') == 80 ? '' : ':'.env('SERVER_PORT');
return env('SERVER_NAME').$port.env('REQUEST_URI');
}
}
?>
In the controllers in question you have a variable called requireSSL which
is an array of actions in the controller that requires ssl. (i.e. login,
or sign-up if credit card information is entered).
If I put the code from beforeRender in beforeFilter it just redirects
endlessly and the apache server errors out. Also if the action has
already happened then the session variable should be set then shouldn't
it, but it isn't in the ssl case.
The way to test this is to put the code I have in app_controller.php
beforeRender, and the component goes where it is supposed to go, then just
add the array variable to an action in another controller that sets up a
session variable. It will not get set in SSL mode in RC3 in RC2 it will
--
Ticket URL: <https://trac.cakephp.org/ticket/5811#comment:2>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to tickets-cakephp@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
