Posted by e_matthes on 06/06/07 16:54

On Jun 6, 8:43 am, howa <howac...@gmail.com> wrote:
> On Jun 7, 12:35 am, e_matt...@hotmail.com wrote:
>
>
>
> > On Jun 6, 7:53 am, howa <howac...@gmail.com> wrote:
>
> > > a page currently in HTTPS, I force the client to redirect to another
> > > page using HTTP under the same domain (e.g. abc.com), i.e.
>
> > > header("Location:http://www.abc.com/index.php");
>
> > > IE successfully redirect to HTTP,
>
> > > but FF & Opera stay on the HTTPS
>
> > > any suggestions?
>
> > > thanks.
>
> > I just dealt with this, and I ended up using an .htaccess file to
> > rewrite http or https as appropriate. Have you considered this
> > approach?
>
> you mean mod_rewrite or just apache redirect?


I'm not sure exactly what it's called, but this is how it works. I
have one folder containing all the pages that should only be served
over https. In that folder, I have an htaccess file that contains the
following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI}


That ensures any request to this folder is served over https. There
are many links out from this folder, so following one of those links
might keep the user on https longer than necessary. So, in the public
html folder there is an htaccess file with these lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule (.*) http://%{SERVER_NAME}%{REQUEST_URI}

Works well so far.

[Back to original message]