  1. #1
    SitePoint Evangelist ikeo's Avatar

    Protecting https:// connection

    Hey guys.
    I was wondering how do you ensure that a page is only accessed as "https://"?

    For example, if I connect to the checkout page of an ecommerce site like so
    https://www.mysite.com/shoppingcart.html
    how can I ensure that if you went to the URL and took out the "s" from the "https" so it was like so

    http://www.mysite.com/shoppingcart.html
    that the connection would fail or you'd be prompted to log in again.
    I ask because I worked on a site recently that has this problem. If you add stuff to the shopping cart and go to check out, it directs you to a secure link, but if you take off that "s" the link is no longer secure. I tried the same thing on Amazon but they don't play that. They immediately make you log in if the connection is not secure (and I want to know how they do it).

    I don't know how someone could take advantage of this in a malicious way but it's been bothering me a lot.

  2. #2
    SitePoint Wizard silver trophy KLB's Avatar
    Using PHP code like this at the very top of the page:

    Code:
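    	// Redirect plain-HTTP requests to the same URL over HTTPS.
    	// $HTTP_SERVER_VARS was removed in PHP 5.4, so read $_SERVER instead;
    	// HTTPS is unset (or "off" on some servers) when the request is not secure.
    	if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] === "off") {
    		$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    		header("Location: $newurl");
    		exit;
    	}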
    Ken Barbalace: EnvironmentalChemistry.com (Blog, Careers)
    InternetSAR.org
    Volunteers Assist Search and Rescue via Internet
    My Firefox Theme: Classic Compact
    Based on Firefox's default theme but uses much less window space
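
An added example, not part of the original posts: the redirect from post #2 combined with a `Secure` session cookie and an HSTS header, because the redirect alone still receives the first request, and any cookies the browser attaches to it, over plain HTTP. It assumes PHP 7.3+ and TLS terminated by the web server itself; the function names are hypothetical and the sample requests are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ (array form of
// session_set_cookie_params) and that the web server itself terminates TLS.

// Return the https:// URL to redirect to, or null if the request is already secure.
function https_redirect_target(array $server): ?string
{
    $https = $server['HTTPS'] ?? '';
    if ($https !== '' && strtolower($https) !== 'off') {
        return null;
    }
    // Same URL construction as the snippet in the post above.
    return 'https://' . $server['SERVER_NAME'] . $server['REQUEST_URI'];
}

function require_https(array $server): void
{
    $target = https_redirect_target($server);
    if ($target !== null) {
        header('Location: ' . $target);
        exit;
    }
    // Only meaningful on an HTTPS response: the browser rewrites later
    // http:// requests for this host to https:// for one year.
    header('Strict-Transport-Security: max-age=31536000');
    // Secure: the browser never attaches the session cookie to a plain-HTTP
    // request, so such a request arrives without a session (logged out).
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests for a command-line check.
    $plain  = ['SERVER_NAME' => 'www.mysite.com', 'REQUEST_URI' => '/shoppingcart.html'];
    $secure = $plain + ['HTTPS' => 'on'];
    var_dump(https_redirect_target($plain));
    var_dump(https_redirect_target($secure));
} else {
    require_https($_SERVER);
}
```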

  3. #3
    SitePoint Evangelist ikeo's Avatar
    Exactly the code snippet I was looking for.
    Thanks KLB

  4. #4
    chown linux:users\ /world Hartmann's Avatar
    Those pages don't sit in separate folders on your server?

    Meaning you are able to access your https:// content from your http:// address?

  5. #5
    SitePoint Enthusiast
    Quote Originally Posted by Hartmann
    Those pages don't sit in separate folders on your server?

    Meaning you are able to access your https:// content from your http:// address?
    That's the standard for cPanel servers so I'd assume so.
    Brock Ferguson
    Lead Developer, Caribou CMS
    A Subscription/Membership CMS and Ecommerce Platform - FREE Trial

  6. #6
    SitePoint Evangelist ikeo's Avatar
    Quote Originally Posted by Hartmann
    Those pages don't sit in separate folders on your server?

    Meaning you are able to access your https:// content from your http:// address?
    err ... yeah?
    How is it supposed to be?
    Last edited by ikeo; Mar 23, 2005 at 01:49.
