Is there anyway to use relative addressing and specify that a page needs to be loaded via SSL?

Or do you always have to use absolute addressing (e.g. "https://www.foo.com/foo.php")?

--Bruce

Good question, i've been wondering the same :).

Use .htaccess on a directory, domain, or subdomain and set a rewrite condition forcing all http:// to https://

-Matt

Or - if you desire - track the port the user's connecting to($_SERVER['SERVER_PORT']) and if 80 do a header('location: ...'); pointing to https.

-Matt

Hmm, are there any other ways?

RackNine,

Could you post an example please?

--Bruce

What he's saying is


<?php
if($_SERVER['SERVER_PORT'] == "80")
{
header('location: https://domain.com');
exit;
}
?>

Which is pretty much still a "force push" as you have to point it to either https://domain.com, or https://www.domain, instead of it pushing from the current location of the user ie user is at http://domain.com, script pushes him to https://www.domain.com ;o).

Thanks for the example, but I was really asking for an example of the .htaccess mrthod.

I understand the header(location: xxx) method, but I was asking about sending the user to https via a call to a page relative to the current page, without having to specify the complete URL.

--Bruce

There is no way to do that using HTML. You either use JavaScript or a server side solution (PHP, CGI, mod_rewrite, ASP, ..)

With PHP:


if($_SERVER['SERVER_PORT'] != "443") {
$newURL = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_URL'];
header("location: $newURL");
exit;
}
?>


With mod_rewrite... tested in .htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R]