Strange redirect from http to https on login

dtemes

We have just installed a self-signed SSL cert on the Apache server and are doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https. Here are some Apache logs:

xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "POST /users/login HTTP/1.1" 302 596 "https://xxx.xxx.com/users/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 468 "https://xxx.xxx.com/users/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
xxx.xxx.com:80 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 368 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"


This is the auth config:
$this->Auth->authorize = 'Controller';
$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email', 'password' => 'password')));
$this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
$this->Auth->autoRedirect = false;


We are currently running cake 2.4.0


--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.

Re: Strange redirect from http to https on login

Andras Kende
Maybe add:

$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

Andras Kende



Re: Strange redirect from http to https on login

AD7six
This log does not look to show a redirect changing protocols. It shows what looks like two parallel/subsequent requests to /users on https and http. The last request shown doesn't originate from the request before it and has no referer.

If relevant, check what is stored in the session in Auth.redirect; if the original request was for http - it's quite possible you're being redirected back to http since that's where you were before logging in.

AD
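
Added example (not part of the original thread): a PHP command-line script that reads access-log lines in the format posted above and flags a port-80 request that follows a 302 served on port 443 to the same client and virtual host. By default browsers send no Referer header when a navigation goes from an https page to an http URL, so a missing referer on the port-80 request is also what a downgrade redirect would leave in the log. The function names and the 2-second window are choices made for this example.

```php
<?php
// Added example, not from the thread: flag probable https -> http downgrades
// in an access log whose first field is vhost:port, as in the lines posted.

// Parse one log line; returns null when the line does not match the format.
function parseLine($line) {
    $re = '/^(\S+):(\d+) (\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"/';
    if (!preg_match($re, trim($line), $m)
        || !($when = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[4]))) {
        return null;
    }
    return array('host' => $m[1], 'port' => (int)$m[2], 'client' => $m[3],
        'time' => $when->getTimestamp(), 'request' => $m[5] . ' ' . $m[6],
        'status' => (int)$m[7], 'referer' => $m[8]);
}

// Report port-80 requests that arrive within $window seconds of a 302
// served on port 443 to the same client and virtual host.
function findDowngrades(array $lines, $window = 2) {
    $lastSecure = array();   // "client|host" => most recent https request
    $hits = array();
    foreach ($lines as $line) {
        $r = parseLine($line);
        if ($r === null) {
            continue;
        }
        $key = $r['client'] . '|' . $r['host'];
        if ($r['port'] === 443) {
            $lastSecure[$key] = $r;
        } elseif ($r['port'] === 80 && isset($lastSecure[$key])
            && $lastSecure[$key]['status'] === 302
            && $r['time'] - $lastSecure[$key]['time'] <= $window) {
            $hits[] = array('https_302' => $lastSecure[$key]['request'],
                'http_request' => $r['request'],
                'referer_missing' => in_array($r['referer'], array('-', ''), true));
        }
    }
    return $hits;
}

// The three lines from the post, rejoined where the archive wrapped them
// (user-agent string shortened for this example).
$sample = array(
    'xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "POST /users/login HTTP/1.1" 302 596 "https://xxx.xxx.com/users/login" "Mozilla/5.0"',
    'xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 468 "https://xxx.xxx.com/users/login" "Mozilla/5.0"',
    'xxx.xxx.com:80 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] "GET /users HTTP/1.1" 302 368 "-" "Mozilla/5.0"',
);
print_r(findDowngrades($sample));
```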


Re: Strange redirect from http to https on login

dtemes
We have found the solution. After sending user credentials, the login action was redirecting to users/index. That first redirect keeps the https protocol, but then in the index action we have some business logic to check the type of user and, based on that, redirect to the index action of controller A or controller B. We have included the logic directly in the login action, without redirecting to /users/index, and then the https protocol is not lost.

To summarize:

Before:

1. User posts login data
2. Redirect to /users/index
3. Based on user role, redirect to controllerA/index or controllerB/index. Here there was an extra redirect to /users/index that was using http and not https (???). We don't know where this second redirect to users/index comes from.

David
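
Added example, not code from the thread or from the CakePHP project: one way to write the fix described above in a CakePHP 2.x UsersController, choosing the role-based target inside login(), dropping the Auth.redirect session value mentioned earlier in the thread, and sending the post-login redirect as an absolute https URL, while SecurityComponent sends plain-http requests back to https. The `role` field, the `admin` value and the `controller_a` / `controller_b` names are hypothetical stand-ins for the poster's controller A and controller B; Auth and Session are assumed to be configured in AppController as in the original post.

```php
<?php
// app/Controller/UsersController.php (added example for CakePHP 2.x).
// Assumes AppController loads Session and Auth with the posted settings.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        parent::beforeFilter();
        // A request that arrives over plain http is black-holed with type
        // 'secure' and handed to forceSSL().
        $this->Security->blackHoleCallback = 'forceSSL';
        $this->Security->requireSecure();
    }

    // Black-hole callback: only the "not https" case is redirected; other
    // SecurityComponent failures (form tampering, CSRF) stay rejected.
    public function forceSSL($type) {
        if ($type !== 'secure') {
            throw new BadRequestException();
        }
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    }

    public function login() {
        if (!$this->request->is('post')) {
            return;   // render the login form
        }
        if (!$this->Auth->login()) {
            $this->Session->setFlash(__('Invalid email or password'));
            return;
        }
        // Drop the pre-login URL remembered in the session; it may carry
        // the http scheme of the request made before logging in.
        $this->Session->delete('Auth.redirect');

        // Hypothetical role field and controller names: decide the target
        // here instead of bouncing through /users/index first.
        $isAdmin = ($this->Auth->user('role') === 'admin');
        $path = Router::url(array(
            'controller' => $isAdmin ? 'controller_a' : 'controller_b',
            'action' => 'index',
        ));
        // Absolute URL with an explicit scheme, so the Location header
        // cannot fall back to http.
        return $this->redirect('https://' . env('SERVER_NAME') . $path);
    }
}
```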
