Reputation: 8783
Redirecting from HTTP to HTTPS with PHP
I'm working on a shopping cart website and I would like to redirect the user to a HTTPS page when he's entering his billing details and maintain the HTTPS connection for the next pages until he logs out.
What do I need to install on the server (I'm using Apache) in order to do this, and how can this redirect be done from PHP?
Upvotes: 125
Views: 220147
Answers (5)
Reputation: 1677
On my AWS beanstalk server, I don't see $_SERVER['HTTPS'] variable. I do see $_SERVER['HTTP_X_FORWARDED_PROTO'] which can be either 'http' or 'https' so if you're hosting on AWS, use this:
if ($_SERVER['HTTP_HOST'] != 'localhost' and $_SERVER['HTTP_X_FORWARDED_PROTO'] != "https") {
$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . $location);
exit;
}
Upvotes: 6
Reputation: 854
Try something like this (should work for Apache and IIS):
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === "off") {
$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . $location);
exit;
}
Upvotes: 290
Reputation: 409
This is a good way to do it:
<?php
if (!(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' ||
$_SERVER['HTTPS'] == 1) ||
isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{
$redirect = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . $redirect);
exit();
}
?>
Upvotes: 31
Reputation: 12003
Redirecting from HTTP to HTTPS with PHP on IIS
I was having trouble getting redirection to HTTPS to work on a Windows server which runs version 6 of MS Internet Information Services (IIS). I’m more used to working with Apache on a Linux host so I turned to the Internet for help and this was the highest ranking Stack Overflow question when I searched for “php redirect http to https”. However, the selected answer didn’t work for me.
After some trial and error, I discovered that with IIS, $_SERVER['HTTPS'] is
set to off for non-TLS connections. I thought the following code should
help any other IIS users who come to this question via search engine.
<?php
if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
$redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header("Location: $redirect_url");
exit();
}
?>
Edit: From another Stack Overflow answer,
a simpler solution is to check if($_SERVER["HTTPS"] != "on").
Upvotes: 8
Reputation: 41080
You can always use
header('Location: https://www.domain.com/cart_save/');
to redirect to the save URL.
But I would recommend to do it by .htaccess and the Apache rewrite rules.
Upvotes: 6
Related Questions
- php redirecting code http to https
- Redirect to a specfic url http to https
- Redirect all requests with http to https
- Redirect to https server in php
- HTTP to HTTPS Redirection Issue
- Redirect HTTPS to HTTP
- how to redirect page to https in php?
- Secure redirect from HTTP to HTTPS
- Redirect from secure https to http for only one page
- Redirect http to https