I’m building a Laravel 3 application and I wanted to make sure that logged-in users always remain in HTTPS browsing mode no matter what part of the application they are using, whilst visitors can browse around the site in HTTP mode.
In my routes.php file at the start I initialise an array. Then if the user is authorised we add an element to the array.
$base = array();
if (Auth::user())
{
$base['https'] = TRUE;
}
Then when we’re creating our routes it’s easy to show a HTTP route to non-auth users but make sure it’s HTTPS for authorised users.
Route::get('page/(:any)', $base + array('uses' => '[email protected]_page'));
On routes that need to be HTTPS whether the user is authorised or not then we just ignore the $base array.
Route::any('auth/login', array('uses' => '[email protected]', 'https' => TRUE));
Whilst I could have the entire site running in HTTPS all the time I think this approach will work well as there really is no need for visitors to see simple pages in HTTPS but for authorised users we ensure that they remain in HTTPS at all times, giving an extra sense of security whilst using the application.
I hope this tip is helpful to you!
Comments