Recenty I've moved my application to subdirectory so I've configured fullBaseUrl like this:
Configure::write('App.fullBaseUrl', 'https://example.com/subdirectory');
Nothing more changed in app and it all works perfect, except one thing - accessing unauthorized locations.
I've defined like this:
$this->Auth->loginAction = ['controller' => 'app_users', 'action' => 'login', 'admin' => false];
$this->Auth->loginRedirect = ['controller' => 'dashboard', 'action' => 'index', 'admin' => false];
$this->Auth->logoutRedirect = ['controller' => 'app_users', 'action' => 'login', 'admin' => false];
$this->Auth->unauthorizedRedirect = ['controller' => 'dashboard', 'action' => 'index', 'admin' => false];
Thus this logged users when try to access unauthorized action are redirected to their's dashboard, but users that are not logged in should be redirected to login form.
But after moving app to subdirectory and defining fullBaseUrl for unauthorized locations I'm getting redirect like this:
https://example.com/subdirectory/subdirectory/app_users/login
This is a bug that was recently fixed. It will be available in the next bugfix release for 2.7 series. If you need it right away use the 2.7 git branch.