I'm trying to enable SSL for only certain actions on my CakePHP-based website. I'm doing this using requireSecure() and redirecting to https://url in the corresponding blackHoleCallback().
To keep the server load down, I'd like to redirect back to http://whatever_url once the user is done with the action that requires SSL.
How do I do this?
So this is one solution I've come upon. I add the following snippet to beforeFilter() in AppController:

    // Leave HTTPS when the current action is not in the requireSecure list
    if (!in_array($this->action, $this->Security->requireSecure) and env('HTTPS'))
        $this->_unforceSSL();

The function is defined as:

    // Redirect the current URL to its plain-HTTP equivalent
    function _unforceSSL() {
        $this->redirect('http://' . $_SERVER['SERVER_NAME'] . $this->here);
    }
Make sure to use a cookie that requires a secure connection for the secure pages, and a normal cookie for non-secure pages. This way, if someone captures the non-secure cookie, they won't be able to hijack any sensitive information.
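
The two-cookie split described in the answer above, as an added example in plain PHP (7.3+ for the setcookie() options array); it is not code from the original posts. The cookie names SID_PUBLIC and SID_SECURE and all helper function names are hypothetical, and the token values at the end are constructed.

```php
<?php
// Added example; SID_PUBLIC, SID_SECURE and the function names are hypothetical.

// Cookie attributes. Only 'secure' differs between the two cookies: a browser
// never sends a Secure cookie over http://, so traffic on the plain-HTTP side
// of the site only ever carries SID_PUBLIC.
function cookie_options(bool $secure): array {
    return [
        'expires'  => 0,        // session cookie
        'path'     => '/',
        'secure'   => $secure,
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ];
}

// Call at login, over HTTPS. Returns both tokens so the caller can store them
// server-side against the user.
function issue_login_cookies(): array {
    $tokens = [
        'SID_PUBLIC' => bin2hex(random_bytes(16)),
        'SID_SECURE' => bin2hex(random_bytes(16)),
    ];
    setcookie('SID_PUBLIC', $tokens['SID_PUBLIC'], cookie_options(false));
    setcookie('SID_SECURE', $tokens['SID_SECURE'], cookie_options(true));
    return $tokens;
}

// Actions that require SSL accept only the secure token, and only over HTTPS.
// Everything else is tied to the normal token.
function may_run_action(bool $needsSecure, bool $isHttps, array $cookies, array $stored): bool {
    if ($needsSecure && !$isHttps) {
        return false;
    }
    $name = $needsSecure ? 'SID_SECURE' : 'SID_PUBLIC';
    $sent = $cookies[$name] ?? null;
    // is_string() rejects array-valued cookies before the constant-time compare
    return is_string($sent) && isset($stored[$name])
        && hash_equals($stored[$name], $sent);
}

// Constructed sample: a request that presents only the non-secure cookie.
$stored  = ['SID_PUBLIC' => 'aaaa', 'SID_SECURE' => 'bbbb'];
$request = ['SID_PUBLIC' => 'aaaa'];
var_dump(may_run_action(false, false, $request, $stored)); // non-secure page
var_dump(may_run_action(true, true, $request, $stored));   // action that requires SSL
```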