[nycphp-talk] Switching Forth and Back Between HTTP and HTTPS
Michael B Allen
ioplex at gmail.com
Sun Aug 10 14:24:48 EDT 2008
Can someone share their best practices regarding transitioning between
HTTP and HTTPS protected resources?
For example, consider a page with several tabs - one of which is
linked to a shopping cart. The shopping cart should be protected with
HTTPS whereas the other tabs should not.
It's not hard to make the shopping cart link https:// but once at the
shopping cart page, all links back to non-SSL protected resources
would need to be emitted (or rewritten) as full non-HTTPS URLs. And
that's not really desirable anyway since many browsers can flag such
pages as non-fully protected.
One relatively simple solution is to maintain a list of protected
resources and then redirect the client to HTTPS if the target is to be
protected and the client is not already under HTTPS. If the route does
not match and the client is under HTTPS then they are redirected back.
The downside is that the redirection is not terribly efficient.
How do you handle this scenario?
Mike
More information about the talk
mailing list