I want to redirect users to a login page if they aren’t already logged in. Yii sorts this all out for me. My question is whether I can redirect someone to the https version of the login page?
The Yii documentation at http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control has all the instructions.
In my controller I have:
...
public function filters()
{
return array('accessControl');
}
public function accessRules()
{
return array(
array('allow', // Allow all actions for logged in users ("@")
'users' => array('@'),
'actions' => array('index'),
),
array('deny'), // Deny anything else
);
}
...
Yii uses the [font="Courier New"]loginUrl[/font] property of the [font="Courier New"]user[/font] component to determine where to redirect unauthorized users. By default, [font="Courier New"]loginUrl[/font] points to the [font="Courier New"]site/login[/font] page. It can be configured e.g.
array(
......
'components'=>array(
'user'=>array(
// this is actually the default value
'loginUrl'=>array('site/login'),
),
),
)
My options:
[list=1]
[*]Use a absolute url e.g. [font=“Courier New”]‘https://www.example.com/site/login[/font]’. This is annoying because then I have to have the correct value for each of our sites, local, staging, production, etc.
[*]Leave the default and then ensure the login page has a filter that redirects to https. This is what we do at the moment but it means we have 2 redirects and the Google pagespeed suggestion tool is recommending I shorten my redirect chain.
[/list]
Is there a better way?