How do I enable https for particular pages if I got SSL certification using php - Oscommerce - PhpOut

Navane
May 25, 2011
81 views
0 votes
2 Answers

I have received SSL certification for my oscommerce website. I need to enable https:// for some particular pages.

can someone help?

Tags: https oscommerce php ssl

Answers

- Alex
- May 25, 2011 at 7:55 am
- 0 votes
0
Open includes/configure.php and set ENABLE_SSL to TRUE.

As a more generic solution if you’re using Apache…
```
if ( ! isset($_SERVER['https']) OR $_SERVER['https'] != 'On') {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
```
Login or Signup to reply.

- martinstoeckli
- May 25, 2011 at 9:40 am
- 0 votes
0
To access a certain page, you only need to call it with the HTTPS protocol, e.g. https://www.example.com. That was the easy part :-).

One problem you will encounter is, that every secure page has to ensure itself, that it is called exclusively with this protocol. In my opinion this is done best in a generic way in the .htaccess file, so you don’t have to think about implementing it in every page. An example:

http://www.martinstoeckli.ch/php/php.html#ssl_switching

This leads to another problem with the session cookie. For unsecure HTTP pages the cookie will be sent unencrypted and an attacker can hijack the cookie. Switching between secure and unsecure pages will make your session vulnerable. To prevent this you have two possibilities:
1. Protect your whole site with HTTPS. That seems a bit of an overkill, but makes your life easier and shouldn’t be a problem to big for todays servers.
2. Protect your secure pages with a second cookie and leave your session cookie unsecure. An example of how to do it, can be found here: http://www.martinstoeckli.ch/php/php.html#ssl_nomim_cookie
Hope this gives you some ideas.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.