Once https page is visited, all subsequent pages are served from https

Question

I can't tell if this is a problem with the shopping cart system I just installed, or something I did wrong (or if it's even a real problem) -- but here is what is happening:

I have some pages on my site that are served from https (e.g. shopping cart checkout). I have other pages that are plain http (e.g. my phpBB discussion forum).

What is happening is that if I visit a secure page, then click on a link to a non-secure page, it is still showing up in the browser address bar as "https://www.foo.com/unsecure_stuff" -- with the padlock and green security indicator, etc.

If I never visit a secure page, then the rest of the site behaves as normal.

This isn't a huge deal, but some things like facebook 'like' button will not display for some reason. I also want to know what the root cause is, and how it might be fixed.

The store directory has its own .htaccess and there is this section in there - which I don't understand, but perhaps this is the reason for the continuing redirect to https?

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /store

Thanks...

Chase Hubbard · Accepted Answer

Your answer is correct, the HTTPS:// will persist if you use relative paths for your links, and the solution is to do as you said, and use full URL paths.

However, as far as I know, it is not an issue to have the full site running the SSL if you have a ton of links and don't want to go through and change them. Maybe a very very slight performance issue, but most likely nothing you would ever notice. For more, see this: HTTP vs HTTPS performance

Also, you should use the iframe FB like button, and then point the url to // instead of http:// or https:// , see: Facebook 'Like' button breaks https/SSL

Once https page is visited, all subsequent pages are served from https

Answers (2)

Related Questions