Ensuring SSL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
chas688
Forum Newbie
Posts: 15
Joined: Wed Jul 14, 2004 3:25 pm

Ensuring SSL

Post by chas688 »

All,

My site is set up for SSL and I have links to go to the https://www.mysite.com/order.php portion. This does not prevent a user from accessing /order.php without being having SSL enabled. I've searched, but to no avail on this topic, but does anybody know if there is a way to ensure that the page gets viewed in SSL?

Thanks,

Chas688
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$_SERVER['HTTPS'] will tell you whether they are in secure mode or not. You can header() redirect from that information to secure mode if needed.
chas688
Forum Newbie
Posts: 15
Joined: Wed Jul 14, 2004 3:25 pm

Would this work?

Post by chas688 »

how does this look?

Thanks -

Code: Select all

<?

session_start();

if (!isset($_SERVER['HTTPS'])
{
	header("Location: https://www.mysite.com/testsite/order2.php");
	exit;
}
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Have you tried it?
chas688
Forum Newbie
Posts: 15
Joined: Wed Jul 14, 2004 3:25 pm

Tried it

Post by chas688 »

Strange -

I was missing a ")" at the end of the conditional, but once I fixed that, it actually works somewhat. I get a secure symbol in the bottom of the browser, but it does not update the address bar with https://

Is that normal?

Thanks,
Chas
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I have not experienced such behavior.
chas688
Forum Newbie
Posts: 15
Joined: Wed Jul 14, 2004 3:25 pm

Works fine

Post by chas688 »

I cleared my cache in the browser and it works just fine now.

Thanks for the nifty tip.

Chas
Post Reply