Doing Development with SSL?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JPlush76
Forum Regular
Posts: 819
Joined: Thu Aug 01, 2002 5:42 pm
Location: Los Angeles, CA
Contact:

Doing Development with SSL?

Post by JPlush76 »

I'm doing an ecommerce site and it needs SSL

We have a test box and a live box, the test box has an ssl cert installed but its not active, just for testing purposes

our live box has our real ssl cert.

how do I test pages on my test box if I have to hard code the ssl links?

href=https://www.livesite.com/checkout.php

is there a way I can do SSL and still have relative paths?

like just: checkout.php

but have that still going to SSL? :(

???
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Well the way I handle this:
always use absolute urls, my main includes set up $BASE_URL and $SECURE_URL which includes the protocol, hostname, and baselevel directories needed by the pages. I also have a site configuration variable "SECURITY_LEVEL" which can be "None | Login | Always". When none both base and secure use http, when login, base is http and secure is https, when always both are https. This way if I'm on a demo machine without ssl, I can quickly turn off those features, but still keep all the links working, or if I'm on the production machine that has enough power to ssl all page views it goes to always. When I'm developing or on non-dedicated machines I use the login setting.

The tradeoff to me for always using the absolutes is that it break GET-fallback for cookies rejected as PHP won't propagate the sessionid to absolute urls (at least it used to no, I'm not sure if it does now, I remember a discussion about how it would if the domain was local....)

I'm sure there are plenty of other (possibly better) ways.
Post Reply