I've created a website in PHP and I have SSL set up properly on the server. I want to make sure the session stays secure, always within an HTTPS environment.
https://example.php is secure, but I can type http://www.example.php and it loads just fine. I've tried an include file that checks for server variables:
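    if (isset($_SERVER['HTTPS']))
    {
        if ($_SERVER["HTTPS"] == "on")
        {
            // request came in over HTTPS
            // do something
        }
        else
        {
            // HTTPS is set but is not "on": send the visitor to the logout page
            header("location:https://example.com/logout.php");
        }
    }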
This is not enough to keep the page from loading if I manually enter the URL as http.
Will I need to change every URL to begin with https or is there a simpler, more elegant solution I am not aware of?
I have tried phpinfo() in https and then in http. If I've been to https first, and then run phpinfo() under http, HTTPS is still set to on.
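
One way to write the include file the question describes, as an added example that is not part of the original post. It assumes PHP 7.3 or later, that TLS terminates on the PHP server itself, and that example.com is the site's canonical host; `request_is_https()` and `https_url()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Include this file before any output
// and before session_start() on every page.

// Hypothetical helper: true only when the current request arrived over TLS.
function request_is_https(array $server): bool
{
    // $_SERVER['HTTPS'] is usually absent on plain HTTP, and IIS sets it to
    // "off", so both cases are treated as "not secure".
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Hypothetical helper: build the https:// form of the requested URL.
// $canonicalHost is a fixed, configured name (assumption: example.com) so the
// redirect target never comes from the client-supplied Host header.
function https_url(array $server, string $canonicalHost): string
{
    $path = $server['REQUEST_URI'] ?? '/';
    // Force a single leading slash so the path cannot be read as another host.
    return 'https://' . $canonicalHost . '/' . ltrim($path, '/');
}

if (!request_is_https($_SERVER)) {
    header('Location: ' . https_url($_SERVER, 'example.com'), true, 301);
    exit; // without exit the rest of the page still runs and is sent over HTTP
}

// Ask browsers to use HTTPS for this host for the next year.
header('Strict-Transport-Security: max-age=31536000');

// The session cookie is only sent over HTTPS and is hidden from JavaScript.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
```

With the `secure` cookie flag set, a request typed in as http:// carries no session cookie at all, so the session ID is not exposed even before the redirect happens.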