Hey guys.
I was wondering how do you ensure that a page is only accessed as
"https://"?
For example, if I connect to the checkout page of an ecommerce site like so
https://www.mysite.com/shoppingcart.html
how can I ensure that if you went to the URL and took out the "s" from the "https" so it was like so
http://www.mysite.com/shoppingcart.html
that the connection would fail or you'd be prompted to log in again.
I ask because I worked on a site recently that has this problem. If you add stuff to the shopping cart and go to check out, it directs you to a secure link, but if you take off that "s" the link is no longer secure. I tried the same thing on Amazon but they don't play that. They immediately make you log in if the connection is not secure (and I want to know how they do it).
I don't know how someone could take advantage of this in a malicious way but it's been bothering me a lot.
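One common way to get the behaviour asked about above, shown as an added example that is not part of the original post: a Python WSGI middleware that redirects any plain-HTTP request to HTTPS before the page is served, combined with a session cookie marked `Secure` so a plaintext request arrives without a login. The `cart_app` stand-in, the cookie value, the `fetch` helper and the fixed canonical host are assumptions made for illustration.

```python
# Added example: refuse to serve pages over plain HTTP (standard library only).
from urllib.parse import quote

HSTS = ("Strict-Transport-Security", "max-age=31536000")

def cart_app(environ, start_response):
    """Stand-in for the checkout page (hypothetical); issues a session cookie."""
    headers = [
        ("Content-Type", "text/plain"),
        # Secure: the browser never sends this cookie over http://, so a
        # plaintext request carries no session. Cookie value is constructed.
        ("Set-Cookie", "session=constructed-value; Secure; HttpOnly; Path=/"),
    ]
    start_response("200 OK", headers)
    return [b"shopping cart"]

def require_https(app, host):
    """Wrap a WSGI app so plain-HTTP requests are redirected, never served."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # Build the target from a configured host, not the client's Host
            # header, so the redirect cannot be steered to another site.
            path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
            query = environ.get("QUERY_STRING")
            target = f"https://{host}{path}" + (f"?{query}" if query else "")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]  # the wrapped app is never called on plain HTTP

        def add_hsts(status, headers, exc_info=None):
            # HSTS tells the browser to use https:// for this host from now on.
            return start_response(status, headers + [HSTS], exc_info)
        return app(environ, add_hsts)
    return middleware

site = require_https(cart_app, "www.mysite.com")

def fetch(app, scheme, path="/shoppingcart.html"):
    """Drive the app with a constructed request; return (status, headers, body)."""
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
               "SCRIPT_NAME": "", "PATH_INFO": path, "QUERY_STRING": ""}
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

Behind a TLS-terminating proxy, `wsgi.url_scheme` reflects the proxy-to-app hop, so the scheme has to come from a forwarded header set by a proxy you control.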





