Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Dec 2011
    Thanked 1 Time in 1 Post

    How to switch HTTP to HTTPS without redirect


    New to PHP, and server side programming.

    Does using header() to redirect input, actually cause
    a round trip from server to client resending the same information
    from the client but in an encrypted mode?

    I understand that a "redirect" can be used to switch between
    HTTP and HTTPS. Is there another way without an additional
    the round trip?


    Let me describe what I want to do. It is very simple.

    The client types in my URL: domain.com/index.php
    or whatever the default page is (most likely in HTTP mode).

    The INDEX.PHP returns the login page but the response
    should be in HTTPS mode. (Is there a way without doing a redirect
    to a secure directory/page. but to just send the response
    and force the HTTPS to be the response mode?)

    The login page at the client returns the userid and password
    in a cookie (which should be encrypted).

    The login response file on the server, handles the userid and
    password. It returns a secure response if the userid-password
    do not match - and continues the secure conversation.

    If userid/password is valid, then it serves the first page of the application
    (probably in HTTP mode). It would be nice if a session was started
    as part of the HTTP response. I understand there are problems with
    passing sessions between HTTPS and HTTP.

    Is this possible?

    Thanks for your time and consideration.
    Last edited by just.a.guy; 01-15-2012 at 05:30 PM.

  2. #2
    New Coder
    Join Date
    Jan 2012
    Thanked 6 Times in 6 Posts
    Unfortunately no because it has to communicate on a different port.

  3. Users who have thanked 12k for this post:

    just.a.guy (01-15-2012)

  4. #3
    Senior Coder
    Join Date
    Jul 2011
    Thanked 171 Times in 171 Posts
    It's not as inefficient as you think. Putting the header redirect at the very top, and accompanied with either exit or die, won't process under the exit message - in other words, the processing on the first page is limited to the if condition, then the header redirect to redirect to https. No other output is sent to the client until they're on https.

    So there's no better method really, but there doesn't need to be.
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    // With this
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

  5. Users who have thanked BluePanther for this post:

    just.a.guy (01-15-2012)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts