How do I use PHP with SSL

Question

My server provides SSL connections via https, although the certificate costs extra...

Is there anything that needs to be changed in the PHP code to utilize this protocol?

My site has:

• ajax forms via POST
• regular forms and pages using POST and GET parameters
• Session variables

Answer 1

you can use the server .htaccess file to redirect all your links. So when the standard page is opened via say a link the server redirects to the https version...

# Permanent reirect ALL old pages to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Answer 2

I'd have to say the same as mvbrakel, but as far as session cookies/cookies you will want to turn on HTTPS only if you are using https on ALL your pages.

Also adding HTTP only to cookies, js scripts won't be able to check value and such.

Answer 3

You should be good to go. PHP does not impact the use of SSL or not.

Things you should check are:

• Are all URLS in you application relative (no http://)
• Are assets (CSS/JS/IMG) used in your site (both from internal and external sources) also as relative paths or prefixed with https://

Having an asset without https:// in a SSL powered site, the browsers will warn you visitors that something ain't right.

Answer 4

The code does not need to be changed, other than to change all links from http:// to https:// (seriously, don't forget that, else you aren't using SSL...)

Answer 5

Other than any hard-coded URLs, no, your code shouldn't know about the difference, nor care.