A fusion of technology, music, and geekyness.

Using the Security Component in CakePHP for SSL

I recently needed to require some of my CakePHP actions to be forced to use a secure connection for security purposes. It took me a long time to finally figure out the solution that I found in CakePHP 1.2 so I figured I would share. There is a handy Security Component provided by CakePHP that does exactly what I was looking for. I attempted to contribute to the Cake Book so hopefully the changes will show up there soon.

The example below shows how to force certain actions (login and checkout) to use a secure connection. You specify as many actions in your $this->Security->requireSecure() function that you want to require to be secure. Each time a request that you put in this method is called in a non-secure manner it will do what is called a black hole. When the request is black holed, it will generate a 404 error by default. In the example below I have overridden the default behavior and created my own custom call back that will redirect to a secure connection automatically.

class AppController extends Controller {
	var $components = array('Security');

	function beforeFilter() {
		$this->Security->blackHoleCallback = 'forceSSL';
		$this->Security->requireSecure('login', 'checkout');

	function forceSSL() {
		$this->redirect('https://' . $_SERVER['SERVER_NAME'] . $this->here);

Notice: All of the Security Component’s methods will be passed to the same callback function that you specify so be careful if you are using multiple methods.

Update 03/09/09: My doc changes and usage example were accepted on the official Cake book!

4 Responses to “Using the Security Component in CakePHP for SSL”

  1. GAntony says:

    This works. It redirects the site to https://the_site. But I could not see the lock symbol stating that the site is ssl enabled. Please help.

Leave a Reply

Powered by Wordpress | Designed by Elegant Themes