...

View Full Version : Resolved How to switch HTTP to HTTPS without redirect



just.a.guy
01-14-2012, 07:02 PM
Hi,

New to PHP, and server side programming.

Does using header() to redirect input, actually cause
a round trip from server to client resending the same information
from the client but in an encrypted mode?

I understand that a "redirect" can be used to switch between
HTTP and HTTPS. Is there another way without an additional
the round trip?


-----------------------------------------------------------------

Let me describe what I want to do. It is very simple.

The client types in my URL: domain.com/index.php
or whatever the default page is (most likely in HTTP mode).

The INDEX.PHP returns the login page but the response
should be in HTTPS mode. (Is there a way without doing a redirect
to a secure directory/page. but to just send the response
and force the HTTPS to be the response mode?)

The login page at the client returns the userid and password
in a cookie (which should be encrypted).

The login response file on the server, handles the userid and
password. It returns a secure response if the userid-password
do not match - and continues the secure conversation.

If userid/password is valid, then it serves the first page of the application
(probably in HTTP mode). It would be nice if a session was started
as part of the HTTP response. I understand there are problems with
passing sessions between HTTPS and HTTP.

Is this possible?
-------------------------------------------------------------------

Thanks for your time and consideration.

12k
01-15-2012, 02:52 AM
Unfortunately no because it has to communicate on a different port.

BluePanther
01-15-2012, 10:06 AM
It's not as inefficient as you think. Putting the header redirect at the very top, and accompanied with either exit or die, won't process under the exit message - in other words, the processing on the first page is limited to the if condition, then the header redirect to redirect to https. No other output is sent to the client until they're on https.

So there's no better method really, but there doesn't need to be.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum