Home > Backend Development > PHP Tutorial > Convert between PHP http and https_PHP tutorial

Convert between PHP http and https_PHP tutorial

WBOY
Release: 2016-07-13 10:33:41
Original
1488 people have browsed it

In J2EE, for different requests of https and http, the web container will generate two different session objects; therefore, if only some pages in the same web application use SSL, ensure that the pages use SSL To maintain continuous session switching between pages that do not use SSL (that is, switching between https requests and http requests), this can be achieved by passing the sessionId in the accessed URL, that is, on the URL entering or exiting https. Bind a sessionId. For example, when switching from http to https, the URL is: https://xxx/login.do;jsessionid=<%=session.getId()%>. When switching from https to http, the URL is: http: //xxx/xxx.do;jsessionid=<%=session.getId()%>. In this way, the web container will give priority to obtaining the session object based on this sessionid instead of generating a new sessionid, which can ensure that the session remains unchanged when switching between http and https (this method has been verified on Tomcat).

Since the sessionid bound to the URL is easy to be stolen, in order to ensure that the session is not hijacked, the session authentication needs to be combined with the client IP. That is, after the user successfully logs in, through session.setAttribute("clientIp",request .getRemoteAddr()) saves the client's IP address. When subsequently authenticating the validity of the session, it must be determined whether the client's IP is the client IP originally stored in the clientIP attribute of the session object. If not, the session is an illegal session.

http jumps directly to https, just redirect it. It’s even easier with php:

<?php
	header("Location:https://www.bkjia.com");
?>
Copy after login

When accessing http, jump to https:

<?php
//http转化为https   
if ($_SERVER["HTTPS"] <> "on")
{
	$xredir="https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
	header("Location: ".$xredir);
}
?>  
Copy after login

When accessing https, jump to http:

<?php
//https转化为http   
if ($_SERVER["HTTPS"] == "on")  
{  
	$xredir="http://".$_SERVER["SERVER_NAME"]. $_SERVER["REQUEST_URI"];  
	header("Location: ".$xredir);  
}   
?>
Copy after login

Just include the above code at the beginning of the web page.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/752426.htmlTechArticleIn J2EE, for different requests of https and http, the Web container will generate two different session objects; therefore , if only some pages in the same web application use SSL, make sure to use...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template