Hi, I am using Cake 1.2 - 14th October nightly build. I have set up my app_controller with admin routing, so that an admin function will ask the user to authenticate with HTTP auth. (I had wanted to do a simple .htaccess, with .htpasswd - so I thought I would try the Cake way).
I have this working, BUT, when I submit an add form (e.g. submit admin_Add or admin_edit) I get asked to authenticate again, which also doesnt seem to work if correct details are put in. (The latter is to do with my custom blackhole callback I think). How can I tell the Security component not to ask for Auth again upon a POST? here is my app_controller code: class AppController extends Controller { var $helpers = array('Html','Form','Javascript'); var $components = array("Security"); function beforeFilter() { if (isset($this->params["admin"])) { $this->Security->blackHoleCallback = 'incorrect'; $this->Security->requireLogin('*',array('type'=>'basic','realm' => Configure::read('Settings.title'))); $this->Security->loginUsers = array("admin" => 'password'); } } // added this callback because without, if a user enters wrong details, auth prompt will not re-display function incorrect () { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details incorrect. Please refresh.'); } if I change my callback to this, it will work, but this is insecure, obviously as it simply authenticates any POSTs! function incorrect () { if(!$this->RequestHandler->isPost()) { header('WWW-Authenticate: Basic' .' realm="' . Configure::read('Settings.title') . '"'); header('HTTP/1.1 401 Unauthorized'); $this->autoRender = false; $this->layout = ''; die('<h1>HTTP/1.1 401 Unauthorized.</h1> Details incorrect. Please refresh.'); } else { return true; } } thank you in advance for any help you can offer. Luke aka boobyW --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---