[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] problems with the HTTPS environment variable provided by Apache

Subject: Re: [cobalt-users] problems with the HTTPS environment variable provided by Apache
From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
Date: Tue May 1 02:00:07 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> We are working on a PHP-based e-commerce platform which offers
> secure connections via SSL encryption. As the application needs
> to find out whether SSL is being used for the current connection,
> it checks the HTTPS environment variable provided by Apache.

Why not grab the URL itself from the environment variable, parse it at
the colon, and do a check to see whether it says http or https?
Then if it does say https, continue - if not, dump 'em back to the
front page (or wherever) using the header:Location. I'd also use
sessions with this type of setup, so that someone can't come bouncing
into the third in a series of order pages without actually ordering
anything.

CarrieB

Follow-Ups:
- [cobalt-users] DNS Replication
  - From: CSN Support

References:
- [cobalt-users] problems with the HTTPS environment variable provi ded by Apache
  - From: Juergen Weber

Prev by Date: Re: AW: [cobalt-users] dip.t-dialin.net IP Range
Next by Date: Re: [cobalt-users] Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap and more
Previous by thread: [cobalt-users] problems with the HTTPS environment variable provi ded by Apache
Next by thread: [cobalt-users] DNS Replication

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index