Session not saving when moving from ssl to non-ssl

Question

I have a login screen that I force to be ssl, so like this: https://www.foobar.com/login then after they login, they get moved to the homepage: https://www.foobar.com/dashba

Answer 1

You can specify your own session handling settings in a configuration file (rather than editing the CakePHP library file.) In the configuration file you can set session.cookie_secure to 0, which will take precedence over the setting in /cake/lib/session.php. This will allow the session cookie to be used for both SSL and non-SSL connections.

Here is a blog entry on the topic: http://bakery.cakephp.org/articles/view/how-to-bend-cakephp-s-session-handling-to-your-needs

and some documentation from the Cookbook: http://book.cakephp.org/view/173/Sessions