Comments on: Redirect to https (SSL) in php http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/ Mon, 30 Jan 2012 01:35:00 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Arnab Bhattacharjee http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-13280 Arnab Bhattacharjee Thu, 19 Jan 2012 10:50:00 +0000 http://www.phpgenious.com/?p=284#comment-13280 Nice code. It is changing the entire site to https. But how could I exclude cgi-bin folder from this effect. There are some cgi scripts kept in this folder, and they are calling by cronjob. If the entire site follows the https protocol the scripts are not working properly. Nice code. It is changing the entire site to https. But how could I exclude cgi-bin folder from this effect. There are some cgi scripts kept in this folder, and they are calling by cronjob.

If the entire site follows the https protocol the scripts are not working properly.

]]> By: Niranjan http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-13230 Niranjan Fri, 05 Aug 2011 09:50:00 +0000 http://www.phpgenious.com/?p=284#comment-13230  Many many thanks it helped me  Many many thanks it helped me

]]> By: Mailtoitkarthi http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-10261 Mailtoitkarthi Sat, 18 Sep 2010 09:56:00 +0000 http://www.phpgenious.com/?p=284#comment-10261 Very Very Thanks.... it is very useful.. Very Very Thanks…. it is very useful..

]]> By: Geoff http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-8830 Geoff Thu, 06 May 2010 18:44:07 +0000 http://www.phpgenious.com/?p=284#comment-8830 Thank you! I have been trying to find a simple way to do this. Thank you! I have been trying to find a simple way to do this.

]]> By: Geoff http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-10224 Geoff Thu, 06 May 2010 18:44:00 +0000 http://www.phpgenious.com/?p=284#comment-10224 Thank you! I have been trying to find a simple way to do this. Thank you! I have been trying to find a simple way to do this.

]]> By: Simon Paarlberg http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-1503 Simon Paarlberg Sat, 11 Apr 2009 21:37:32 +0000 http://www.phpgenious.com/?p=284#comment-1503 Hi good explanation. I have some real world experience to add; When using PHP to redirect to the secure connection, it's a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection. In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session. I always send the user back to the login prompt while giving them a new session-id. Then all should be OK :-) Hi good explanation. I have some real world experience to add;

When using PHP to redirect to the secure connection, it’s a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection.
In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session.

I always send the user back to the login prompt while giving them a new session-id. Then all should be OK :-)

]]> By: Simon Paarlberg http://www.phpgenious.com/2009/03/redirect-to-https-ssl-in-php/comment-page-1/#comment-10223 Simon Paarlberg Sat, 11 Apr 2009 21:37:00 +0000 http://www.phpgenious.com/?p=284#comment-10223 Hi good explanation. I have some real world experience to add; When using PHP to redirect to the secure connection, it's a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection. In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session. I always send the user back to the login prompt while giving them a new session-id. Then all should be OK :-) Hi good explanation. I have some real world experience to add;

When using PHP to redirect to the secure connection, it’s a bad idea to redirect the payload (ex. ?password=something_secret) directly to the script. The reason for this is, that you or your users will usually not know that the information has been passed through an unsecure connection.
In this case you should make sure that everybody knows that an embarrassing error has been made, so it motivates you to correct the flaw. Otherwise such a mistake, can exist for years without you knowing it and thus render the SSL tunnel less secure. Remember all it takes is the session-id and someone evil can gain access to you session.

I always send the user back to the login prompt while giving them a new session-id. Then all should be OK :-)

]]>