I'm trying to enable SSL for only certain actions on my CakePHP based website. I'm doing this using requireSecure() and redirecting to https://url in the corresponding blackHoleCallback().
To keep the server load down, I'd like to redirect back to http://whatever_url once the user is done with the action that requires SSL.
How do I do this?
So this is one solution I've come upon. I add the following snippet to beforeFilter() in AppController:
if (!in_array($this->action, $this->Security->requireSecure) and env('HTTPS'))
$this->_unforceSSL();
The function is defined as:
function _unforceSSL() {
$this->redirect('http://' . $_SERVER['SERVER_NAME'] . $this->here);
}
Make sure to use a cookie that requires a secure connection for the secure pages, and a normal cookie for non secure pages. This way, if someone captures the non secure cookie, they won't be able to hijack any sensitive information.