Selectively enabling SSL for certain actions in CakePHP

拜拜、爱过 submitted on 2020-01-13 09:49:27

Question


I'm trying to enable SSL for only certain actions on my CakePHP based website. I'm doing this using requireSecure() and redirecting to https://url in the corresponding blackHoleCallback().

To keep the server load down, I'd like to redirect back to http://whatever_url once the user is done with the action that requires SSL.

How do I do this?


Answer 1:


So this is one solution I've come upon. I add the following snippet to beforeFilter() in AppController:

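// Leave HTTPS when the current action is not in the requireSecure list
if (!in_array($this->action, $this->Security->requireSecure) && env('HTTPS')) {
    $this->_unforceSSL();
}

The function is defined as:

// Redirect the current request path to its plain-HTTP equivalent
function _unforceSSL() {
    $this->redirect('http://' . $_SERVER['SERVER_NAME'] . $this->here);
}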



Answer 2:


Make sure to use a cookie that requires a secure connection for the secure pages, and a normal cookie for non secure pages. This way, if someone captures the non secure cookie, they won't be able to hijack any sensitive information.
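
The split-cookie scheme described in the answer above, as an added example that is not part of the original answer. The cookie names, the SECURE_ACTIONS list and the in-memory token store are assumptions made for illustration, and the requests at the bottom are constructed.

```php
<?php
// Added example, not from the original thread. Names below are hypothetical.
const SECURE_COOKIE  = 'APP_SECURE'; // issued with the Secure flag: HTTPS only
const PLAIN_COOKIE   = 'APP_PLAIN';  // also sent over HTTP: must grant nothing sensitive
const SECURE_ACTIONS = ['login', 'checkout'];

function isHttps(array $server): bool {
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// After a successful HTTPS login: two unrelated random tokens, one per cookie.
function issueTokens(array &$store, string $user): array {
    $secure = bin2hex(random_bytes(16));
    $plain  = bin2hex(random_bytes(16));
    $store['secure'][$secure] = $user;
    $store['plain'][$plain]   = $user;
    $base = ['path' => '/', 'httponly' => true, 'samesite' => 'Lax'];
    return [
        [SECURE_COOKIE, $secure, $base + ['secure' => true]],
        [PLAIN_COOKIE,  $plain,  $base + ['secure' => false]],
    ];
}

// Look up a token; cookie values can arrive as arrays, so require a string.
function tokenKnown(array $table, $token): bool {
    return is_string($token) && $token !== '' && isset($table[$token]);
}

// Secure actions accept only the Secure cookie, and only over HTTPS.
function authorize(array $store, array $server, array $cookies, string $action): string {
    if (in_array($action, SECURE_ACTIONS, true)) {
        if (!isHttps($server)) {
            return 'redirect-to-https';
        }
        return tokenKnown($store['secure'] ?? [], $cookies[SECURE_COOKIE] ?? '') ? 'allow' : 'deny';
    }
    return tokenKnown($store['plain'] ?? [], $cookies[PLAIN_COOKIE] ?? '') ? 'allow' : 'anonymous';
}

// Constructed requests. In a real response each entry would be passed to
// setcookie($name, $value, $options) (options array needs PHP 7.3+).
$store = [];
[$sec, $pl] = issueTokens($store, 'alice');
$httpOnlyView = [PLAIN_COOKIE => $pl[1]];                  // all that plain HTTP exposes
$fullView     = $httpOnlyView + [SECURE_COOKIE => $sec[1]]; // what the browser sends over HTTPS
echo authorize($store, ['HTTPS' => 'on'], $fullView, 'checkout'), "\n";
echo authorize($store, ['HTTPS' => 'on'], $httpOnlyView, 'checkout'), "\n";
echo authorize($store, [], $httpOnlyView, 'index'), "\n";
```

Because the two tokens are generated independently, holding the plain cookie value gives no way to derive or substitute for the Secure one.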




Answer 3:


What I don't like with the redirect approach is that the user still goes to the unsecure URL and only after this is he redirected.

I wanted something done at the html->link/url level where, depending on what you pass, an SSL/non-SSL link is returned, something similar to: http://cakephp.1045679.n5.nabble.com/Re-Login-through-HTTPS-on-CakePHP-td1257438.html but also using the Security component.

Later edit: I did something easier that just got my job done. I'll try to create a simple example (don't forget to define MYAPP_SECURE_URL in config/core.php or bootstrap.php). In app I created app_helper.php:

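class AppHelper extends Helper {
    // Return the HTTPS URL for users/login; defer to the router for everything else
    function url($url = null, $full = false) {
        // $url may be a string or null, so only inspect it when it is an array
        if (is_array($url) && isset($url['action'], $url['controller'])
            && $url['action'] == 'login' && $url['controller'] == 'users') {
            return MYAPP_SECURE_URL.'/users/login';
        }
        return h(Router::url($url, $full));
    }
}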


Source: https://stackoverflow.com/questions/751338/selectively-enabling-ssl-for-certain-actions-in-cakephp
