I'm trying to enable SSL for only certain actions on my CakePHP based website. I'm doing this using requireSecure() and redirecting to https://url in the corresponding blackHoleCallback().
To keep the server load down, I'd like to redirect back to http://whatever_url once the user is done with the action that requires SSL.
How do I do this?
So this is one solution I've come upon. I add the following snippet to beforeFilter() in AppController:
    // Leave HTTPS when the current action is not listed in requireSecure.
    if (!in_array($this->action, $this->Security->requireSecure) and env('HTTPS')) {
        $this->_unforceSSL();
    }
The function is defined as:
    function _unforceSSL() {
        // Redirect to the same path on plain HTTP.
        $this->redirect('http://' . $_SERVER['SERVER_NAME'] . $this->here);
    }
Make sure to use a cookie that requires a secure connection for the secure pages, and a normal cookie for non-secure pages. This way, if someone captures the non-secure cookie, they won't be able to hijack any sensitive information.
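The two-cookie split described above, as an added example that is not part of the original post and is not CakePHP API: plain PHP (7.3+ for the options-array form of setcookie()), with the cookie names APP_SECURE and APP_BROWSE and the list of sensitive actions assumed for illustration.

```php
<?php
// Added illustration in plain PHP (7.3+), not CakePHP API.
// Cookie names and the action list are assumptions made for this example.
const SENSITIVE_ACTIONS = ['account', 'checkout'];

function isHttps(array $server): bool {
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Call after a successful login over HTTPS. Returns the token to store server-side.
function issueSecureCookie(): string {
    $token = bin2hex(random_bytes(32));
    setcookie('APP_SECURE', $token, [
        'path'     => '/',
        'secure'   => true,   // browser never sends it over plain HTTP
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $token;
}

// The ordinary cookie (sent over HTTP too) only identifies the browsing session.
function issueBrowseCookie(): string {
    $id = bin2hex(random_bytes(16));
    setcookie('APP_BROWSE', $id, ['path' => '/', 'secure' => false, 'httponly' => true]);
    return $id;
}

// Sensitive actions need HTTPS *and* the secure-only cookie; the HTTP cookie alone is not enough.
function mayRunAction(string $action, array $server, array $cookies, string $expectedToken): bool {
    if (!in_array($action, SENSITIVE_ACTIONS, true)) {
        return true;
    }
    if (!isHttps($server) || $expectedToken === '') {
        return false;
    }
    return hash_equals($expectedToken, (string)($cookies['APP_SECURE'] ?? ''));
}

// Constructed requests: the token below is a sample value, not a real secret.
$expected = str_repeat('ab', 32);
$stolenHttpCookie = ['APP_BROWSE' => 'captured-on-http'];
$owner = ['APP_BROWSE' => 'captured-on-http', 'APP_SECURE' => $expected];

var_dump(mayRunAction('index', [], $stolenHttpCookie, $expected));
var_dump(mayRunAction('account', ['HTTPS' => 'on'], $stolenHttpCookie, $expected));
var_dump(mayRunAction('account', ['HTTPS' => 'on'], $owner, $expected));
var_dump(mayRunAction('account', [], $owner, $expected));
```

Only the third constructed request, which arrives over HTTPS and carries the secure-only cookie, is allowed to run a sensitive action.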
What I don't like about the redirect approach is that the user still goes to the unsecure URL and only after this is he redirected.
I wanted something done at the html->link/url level where, depending on what you pass, an SSL/non-SSL link is returned, something similar to:
http://cakephp.1045679.n5.nabble.com/Re-Login-through-HTTPS-on-CakePHP-td1257438.html
but also using the secure component
Later edit: I did something easier that just got my job done. I'll try to give a simple example (don't forget to define MYAPP_SECURE_URL in config/core.php or bootstrap.php):
In app I created app_helper.php:
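    class AppHelper extends Helper {
        // Return the HTTPS URL for users/login; build every other URL as usual.
        function url($url = null, $full = false) {
            // $url may be a string or null, so only inspect keys when it is an array.
            if (is_array($url)
                && isset($url['controller'], $url['action'])
                && $url['controller'] == 'users' && $url['action'] == 'login') {
                return MYAPP_SECURE_URL . '/users/login';
            }
            return h(Router::url($url, $full));
        }
    }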