[FX.php List] [OFF] https per page?

Joel Shapiro jsfmp at earthlink.net
Mon Dec 7 21:17:33 MST 2009


Thanks Dale.  I can definitely see the value in that approach.  I've  
never needed to be that flexible, but it's something to work towards.

Out of curiosity, do you choose to use absolute references for  
everything specifically because of this method, or is there some other  
reason you find them preferable to relative references?

-Joel


On Dec 7, 2009, at 6:32 PM, Dale Bengston wrote:

> I handle this problem by including a config file at the top of my  
> pages that toggles a whole bunch of constants. These constants  
> include http vs https, data source, default ports, domain names,  
> default page (for testing) vs. none (controlled by Apache on live  
> server), etc. I build all my urls from these constants - everything  
> uses absolute references, even JavaScript includes, AJAX calls,  
> image references and CSS files.
>
> I am currently developing a site that runs on my laptop using MySQL  
> and http, and when I put the pages live, it "knows" to do https and  
> use MS SQL Server. No interaction necessary... which is good because  
> I used to forget to change *something* every time. I toggle a lot of  
> other things in this config too, like error reporting, debugging  
> feedback, and so on.
>
> This was a bit of a hassle to get set up, but it was definitely  
> worth the effort. Toggling this way not only allows you to work on  
> different servers, but also different platforms and with different  
> data sources by flipping a few environment variables. I recently  
> adapted it to work with SQL Server (yes, FX.php too) so I can spin  
> in yet another direction.
>
> Dale
>
>
> On Dec 7, 2009, at 7:44 PM, Joel Shapiro wrote:
>
>> Hi again
>>
>> Having full https... links makes it difficult to have a copy of the  
>> site on my development machine and be able to just copy pages over  
>> to the client's server (href="https://localhost/login.php" vs href="https://client.com/login.php 
>> ")
>>
>> Using the php script from that link below seems to work really well.
>>
>> Can anybody see any reasons why it might be a bad/unsafe idea to  
>> use it?  This way, I can keep all my links relative, and the login  
>> and checkout pages will still *always* be https.
>>
>> <?php
>> if ($_SERVER['SERVER_PORT']!=443)
>> {
>> $url = "https://". $_SERVER['SERVER_NAME'] . ":443". 
>> $_SERVER['REQUEST_URI'];
>> header("Location: $url");
>> }
>> ?>
>>
>> (I suppose I could use a variable for the domain with https links,  
>> but I kinda like this script)
>>
>> -Joel
>>
>>
>> On Dec 7, 2009, at 4:45 PM, Joel Shapiro wrote:
>>
>>> Thanks everybody
>>>
>>> It's good to hear that SSL doesn't really slow things down too  
>>> much.  I think I'll make the links to the login & checkout pages  
>>> full https... links, and then let users stay in https via relative  
>>> links to other pages on the site.
>>>
>>> FWIW: I had been thinking of checking in the PHP, via something  
>>> like this:
>>> <http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https 
>>> >
>>>
>>> Best,
>>> -Joel
>>>
>>>
>>>
>>> On Dec 7, 2009, at 4:29 PM, Troy Meyers wrote:
>>>
>>>>> ...The thing about loading the page (say from a menu link) under  
>>>>> https is
>>>>> that the user could come from anywhere...
>>>>
>>>> On our site I use a Rewrite Rule to force every page to be https  
>>>> regardless of how it's approached.
>>>>
>>>> When we switched to this there was no noticeable slowdown. For us  
>>>> it's a good idea because every page has a little log in box (just  
>>>> so you can log in from any page an stay on the same page) and  
>>>> some users want their username prefilled in the box, and I don't  
>>>> want to be sending anything like that out in the clear. AND, as  
>>>> Bob said, people seem to like that "warm feeling" of already  
>>>> being secure.
>>>>
>>>> -Troy
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list