Using CakePHP Auth, I want to have all actions that require being logged in to also be forced to use https.

Is this possible via a Callback somehow?

Further info: I have Admin routing in use as well as certain "member-only" actions. Using CakePHP 1.2 also.

Many thanks for any pointers on this.

boobyW.

+1  A: 

Yep! Here is a great component for doing just that: http://bakery.cakephp.org/articles/view/component-for-forcing-a-secure-connection

cdburgess
A: 

The login page must also be served over HTTPS, and you probably want a secure session cookie for logged in users, so it isn't transmitted when accessing the site over HTTP (this means that the user won't appear as logged in when browsing over HTTP).

tc.
I was going to secure the login page - that's a help with the cookie part though, I will attend to that too, thanks.
boobyWomack
If the cookie is secure, then the user can't be logged in over HTTP (unless they explicitly edit the cookie, or they have a browser that doesn't support it).
tc.
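
One way to do this from a controller callback in CakePHP 1.2, as an added example (not the Bakery component's code and not code from any poster in this thread). The host name `www.example.com`, the helper names `_needsLogin` and `_forceSecure`, and the placement of the `ini_set` call in `bootstrap.php` are assumptions.

```php
<?php
// app/app_controller.php, CakePHP 1.2 style. Added example.
//
// Secure session cookie (the point of the second answer). Assumption: this
// line goes in app/config/bootstrap.php so it runs before the session starts:
//     ini_set('session.cookie_secure', 1);
class AppController extends Controller {
    var $components = array('Auth');

    // Assumption: the site's canonical HTTPS host. Hard-coded so the redirect
    // target never comes from the client-supplied Host header.
    var $secureHost = 'www.example.com';

    function beforeFilter() {
        // env('HTTPS') is empty behind a TLS-terminating proxy; check the
        // proxy's forwarded-scheme header there instead.
        if ($this->_needsLogin() && !env('HTTPS')) {
            $this->_forceSecure();
        }
    }

    // True for every action Auth would protect: admin-routed actions and
    // anything not opened up with $this->Auth->allow(). The login action is
    // not in allowedActions either, so the login form is covered as well.
    function _needsLogin() {
        if (!empty($this->params['admin'])) {
            return true;
        }
        $allowed = array_map('strtolower', (array)$this->Auth->allowedActions);
        if (in_array('*', $allowed)) {
            return false;
        }
        return !in_array(strtolower($this->params['action']), $allowed);
    }

    function _forceSecure() {
        // A non-GET request has already sent its body in the clear; refuse it
        // rather than redirecting and silently dropping the POST data.
        if (env('REQUEST_METHOD') !== 'GET') {
            header('HTTP/1.1 403 Forbidden');
            exit;
        }
        $this->redirect('https://' . $this->secureHost . env('REQUEST_URI'));
    }
}
```

Controllers that open actions with `$this->Auth->allow()` need to call it before `parent::beforeFilter()`; if they call it afterwards, their public actions are redirected to HTTPS as well, which errs on the safe side.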