
CakePHP Authcomponent session expires after using SSL unforce method

I am using SSL for 5 pages during registration:

https://www.example.com/step1
https://www.example.com/step2
https://www.example.com/step3 - Auth component login
https://www.example.com/step4
https://www.example.com/step5

After step 3, I am creating a Session of the user using Auth Component which automatically logs the user in by Auth component. However, after step 5, it will redirect to http://www.example.com/welcome

I am using the SSL component's unforce method to change HTTPS to HTTP. Everything is working fine, but the problem is that once I reach the welcome page from step 5 (HTTPS), my Auth component session expires. I have tried to debug it, but could not find any solution. Please note that without HTTPS all steps and sessions are working fine.

AnNaMaLaI asked Aug 21 '12 14:08


2 Answers

Code in AppController class:

function beforeFilter() {
    parent::beforeFilter();
    $this->_setupSecurity();
}

function _setupSecurity() {
    $this->Security->blackHoleCallback = '_badRequest';
    if (Configure::read('forceSSL')) {
        $this->Security->requireSecure('*');
    }
}

/**
 * The main SecurityComponent callback.
 * Handles both missing SSL problems and general bad requests.
 */
function _badRequest() {
    if (Configure::read('forceSSL') && !$this->RequestHandler->isSSL()) {
        $this->_forceSSL();
    } else {
        $this->cakeError('error400');
    }
    exit;
}

/**
 * Redirect to the same page, but with the https protocol and exit.
 */
function _forceSSL() {
    $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    exit;
}

Follow this link; maybe you will get your solution:

https://stackoverflow.com/a/4473178/983624

Pank answered Sep 20 '22 02:09


If you are using CakePHP 2.0, then go to the following folder:

lib/Cake/Model/Datasource/

Open the CakeSession.php file and search for the following lines:

if (!isset($sessionConfig['ini']['session.cookie_secure']) && env('HTTPS')) {
    $sessionConfig['ini']['session.cookie_secure'] = 1; // Just comment out this line and try; it will work
}

AnNaMaLaI answered Sep 22 '22 02:09
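
Why the session disappears on the HTTP welcome page, as an added example that is not part of either answer: a cookie issued with the Secure attribute is only returned on HTTPS requests. The sketch uses Python's standard cookie jar as a stand-in for the browser; the cookie value is constructed, and the name CAKEPHP is assumed to be the app's session cookie name.

```python
import http.cookiejar
import urllib.request
from email.message import Message

# URLs from the question: registration steps on HTTPS, welcome page on HTTP.
LOGIN_URL = "https://www.example.com/step3"
FLOW = [
    "https://www.example.com/step4",
    "https://www.example.com/step5",
    "http://www.example.com/welcome",
]

# Constructed values: the Set-Cookie header with and without session.cookie_secure.
# The cookie name CAKEPHP is an assumption about the app's session configuration.
WITH_SECURE = "CAKEPHP=constructedsessionid; path=/; secure"
WITHOUT_SECURE = "CAKEPHP=constructedsessionid; path=/"


class FakeResponse:
    """Just enough of an HTTP response for CookieJar.extract_cookies()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_per_url(set_cookie):
    """Store the cookie as if step 3 had set it, then replay the flow.

    Returns {url: Cookie header the client would send, or None if withheld}.
    """
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(LOGIN_URL))
    sent = {}
    for url in FLOW:
        request = urllib.request.Request(url)
        jar.add_cookie_header(request)  # applies the Secure, domain and path rules
        sent[url] = request.get_header("Cookie")
    return sent


if __name__ == "__main__":
    for label, header in (("secure", WITH_SECURE), ("not secure", WITHOUT_SECURE)):
        print(label)
        for url, cookie in cookie_sent_per_url(header).items():
            print(f"  {url:35} -> {cookie}")
```

With the Secure attribute the cookie is withheld from http://www.example.com/welcome, so the server sees a request with no session. Without it the cookie is sent there too, which means the session ID crosses the network unencrypted on every HTTP request.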