Page 1 of 1

Doing Development with SSL?

Posted: Thu Oct 24, 2002 1:16 pm
by JPlush76
I'm doing an ecommerce site and it needs SSL

We have a test box and a live box, the test box has an ssl cert installed but its not active, just for testing purposes

our live box has our real ssl cert.

how do I test pages on my test box if I have to hard code the ssl links?

href=https://www.livesite.com/checkout.php

is there a way I can do SSL and still have relative paths?

like just: checkout.php

but have that still going to SSL? :(

???

Posted: Fri Oct 25, 2002 10:59 am
by nielsene
Well the way I handle this:
always use absolute urls, my main includes set up $BASE_URL and $SECURE_URL which includes the protocol, hostname, and baselevel directories needed by the pages. I also have a site configuration variable "SECURITY_LEVEL" which can be "None | Login | Always". When none both base and secure use http, when login, base is http and secure is https, when always both are https. This way if I'm on a demo machine without ssl, I can quickly turn off those features, but still keep all the links working, or if I'm on the production machine that has enough power to ssl all page views it goes to always. When I'm developing or on non-dedicated machines I use the login setting.

The tradeoff to me for always using the absolutes is that it break GET-fallback for cookies rejected as PHP won't propagate the sessionid to absolute urls (at least it used to no, I'm not sure if it does now, I remember a discussion about how it would if the domain was local....)

I'm sure there are plenty of other (possibly better) ways.