PHP - 从 HTTP 重定向到 HTTPS 时保持会话?
我正在开发一个简单的购物车。当用户单击“结帐”时,URL 将从 HTTP 更改为 HTTPS。不幸的是,会话似乎没有延续,并且我收到有关 $_SESSION['cart'] (我保存信息的地方)不存在的错误。
我尝试使用 mod_rewrite 将所有 HTTP 重定向到 HTTPS,以便会话全部位于 HTTPS 上:
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
这有效。然而,一个页面上嵌入了 Google 地图,并且它是一个 HTTP URL,因此 IE 会发出有关某些元素不安全等的警告。
因此,我要么需要知道如何使用 mod-rewrite 排除页面(它向我发送了无限的请求)当我尝试时重定向循环)或者维持 http 和 https 之间的会话。谢谢。
I'm working on a simple shopping cart. When the user clicks checkout the URL changes from HTTP to HTTPS. Unfortunately the session does not appear to carry over and I get errors about $_SESSION['cart'] (where I hold the info) not existing.
I tried using mod_rewrite to redirect all HTTP to HTTPS so that the session would all be on HTTPS:
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This worked. However, one page has Google Maps embedded on it, and it's a HTTP URL so IE gives warnings about some elements being insecure etc.
So, I either need to know how to exclude a page with mod-rewrite (it sent me on an infinite redirect loop when I tried) or else to maintain the session between http and https. Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
没有理由让你的整个网站都使用 https,你可以这样做,只将必要的页面重定向到 https:
没有理由你不能在安全页面上从 http 访问 cookie 设置,我一直这样做(除非您使用安全 cookie,如果是这种情况,解决方案是不使用安全 cookie 或确保您的整个商店都是 https)。
另外,如果您从 http://example.com 重定向到 http://www.example.com 您将丢失您的 cookie。
但要回答你的问题,如果你想让你的整个网站除地图页面外都使用 https,你可以这样做:
There's no reason to make your entire website use https, you could do something like this to only redirect necessary pages to https:
There's no reason you can't access a cookie set from http on a secure page, I do this all the time (unless you're using secure cookies, if that's the case the solution is to not use secure cookies or make sure your entire store is https).
Also, if you're redirecting from, say, http://example.com to http://www.example.com you will lose your cookies.
But to answer your question, if you want to make your entire site use https except the map page, you could do something like this:
这里有很多方法:
在 PHP 中从 HTTP 切换到 HTTPS 时会话丢失
关于处理页面链接中的 HTTPS 的想法 - 处理此问题的一种方法是让您的绝对 url 成为一个明确的常量,该常量根据 SSL 是否处于活动状态而有所不同。
然后,您可以将结账页面中绝对网址的所有实例替换为 ABS_URL。
Lots of approaches here:
Session lost when switching from HTTP to HTTPS in PHP
Just a though on handling HTTPS in links on the page - One way of handling this is to have your absolute url be a definite constant that is different depending on whether or not SSL is active.
You can then replace ALL instances of your absolute url in the checkout page with ABS_URL.