[FX.php List] [OFF] https per page?
Dale Bengston
dbengston at tds.net
Mon Dec 7 19:32:56 MST 2009
I handle this problem by including a config file at the top of my pages that toggles a whole bunch of constants. These constants include http vs https, data source, default ports, domain names, default page (for testing) vs. none (controlled by Apache on live server), etc. I build all my urls from these constants - everything uses absolute references, even JavaScript includes, AJAX calls, image references and CSS files.
I am currently developing a site that runs on my laptop using MySQL and http, and when I put the pages live, it "knows" to do https and use MS SQL Server. No interaction necessary... which is good because I used to forget to change *something* every time. I toggle a lot of other things in this config too, like error reporting, debugging feedback, and so on.
This was a bit of a hassle to get set up, but it was definitely worth the effort. Toggling this way not only allows you to work on different servers, but also different platforms and with different data sources by flipping a few environment variables. I recently adapted it to work with SQL Server (yes, FX.php too) so I can spin in yet another direction.
Dale
On Dec 7, 2009, at 7:44 PM, Joel Shapiro wrote:
> Hi again
>
> Having full https... links makes it difficult to have a copy of the site on my development machine and be able to just copy pages over to the client's server (href="https://localhost/login.php" vs href="https://client.com/login.php")
>
> Using the php script from that link below seems to work really well.
>
> Can anybody see any reasons why it might be a bad/unsafe idea to use it? This way, I can keep all my links relative, and the login and checkout pages will still *always* be https.
>
> <?php
> if ($_SERVER['SERVER_PORT']!=443)
> {
> $url = "https://". $_SERVER['SERVER_NAME'] . ":443".$_SERVER['REQUEST_URI'];
> header("Location: $url");
> }
> ?>
>
> (I suppose I could use a variable for the domain with https links, but I kinda like this script)
>
> -Joel
>
>
> On Dec 7, 2009, at 4:45 PM, Joel Shapiro wrote:
>
>> Thanks everybody
>>
>> It's good to hear that SSL doesn't really slow things down too much. I think I'll make the links to the login & checkout pages full https... links, and then let users stay in https via relative links to other pages on the site.
>>
>> FWIW: I had been thinking of checking in the PHP, via something like this:
>> <http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https>
>>
>> Best,
>> -Joel
>>
>>
>>
>> On Dec 7, 2009, at 4:29 PM, Troy Meyers wrote:
>>
>>>> ...The thing about loading the page (say from a menu link) under https is
>>>> that the user could come from anywhere...
>>>
>>> On our site I use a Rewrite Rule to force every page to be https regardless of how it's approached.
>>>
>>> When we switched to this there was no noticeable slowdown. For us it's a good idea because every page has a little log in box (just so you can log in from any page an stay on the same page) and some users want their username prefilled in the box, and I don't want to be sending anything like that out in the clear. AND, as Bob said, people seem to like that "warm feeling" of already being secure.
>>>
>>> -Troy
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
More information about the FX.php_List
mailing list