0

I have a php application in place. I'm working on installing an SSL certificate on my web host and forcing all connections during login and after login to use the certificate. How would I go about this? Do I just have a simple force SSL on the login page, and then everything after will remain on the SSL port?

if($_SERVER["HTTPS"] != "on")
{
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit();
}

Will something like that on my login page force the SSL connection for the user even after login? The reason I need SSL after login is that the php application requires and handles a lot of company financial data.

If I needed the code on each page, this would screw up sending post data as the header redirect would not carry the post data a long with it.

user2843198
  • 95
  • 1
  • 9
  • you can do this in .htacess –  Oct 30 '14 at 19:42
  • possible duplicate of [Force SSL/HTTPS with Zend Framework and mod\_rewrite](http://stackoverflow.com/questions/1329647/force-ssl-https-with-zend-framework-and-mod-rewrite) –  Oct 30 '14 at 19:43

2 Answers2

0

There is no reason to not have all connections secured.

in your .htaccess

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
cmorrissey
  • 8,493
  • 2
  • 23
  • 27
  • But remember, when you have an ssl connection, the browser will not cache your website data. Hence your site will be slow. So understand ssl well and implement. – Roni Oct 30 '14 at 19:44
0

Actually that one variable is kinda confusing. It's only present if you're using SSL

if(isset($_SERVER["HTTPS"])) // SSL

As mentioned by other answers, this really is best left to the web server configuration. All of them have ways of forcing SSL

Machavity
  • 30,841
  • 27
  • 92
  • 100