Home >Backend Development >PHP Tutorial >Convert between PHP http and https_PHP tutorial
In J2EE, for different requests of https and http, the web container will generate two different session objects; therefore, if only some pages in the same web application use SSL, ensure that the pages use SSL To maintain continuous session switching between pages that do not use SSL (that is, switching between https requests and http requests), this can be achieved by passing the sessionId in the accessed URL, that is, on the URL entering or exiting https. Bind a sessionId. For example, when switching from http to https, the URL is: https://xxx/login.do;jsessionid=<%=session.getId()%>. When switching from https to http, the URL is: http: //xxx/xxx.do;jsessionid=<%=session.getId()%>. In this way, the web container will give priority to obtaining the session object based on this sessionid instead of generating a new sessionid, which can ensure that the session remains unchanged when switching between http and https (this method has been verified on Tomcat).
Since the sessionid bound to the URL is easy to be stolen, in order to ensure that the session is not hijacked, the session authentication needs to be combined with the client IP. That is, after the user successfully logs in, through session.setAttribute("clientIp",request .getRemoteAddr()) saves the client's IP address. When subsequently authenticating the validity of the session, it must be determined whether the client's IP is the client IP originally stored in the clientIP attribute of the session object. If not, the session is an illegal session.
http jumps directly to https, just redirect it. It’s even easier with php:
<?php header("Location:https://www.bkjia.com"); ?>
When accessing http, jump to https:
<?php //http转化为https if ($_SERVER["HTTPS"] <> "on") { $xredir="https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; header("Location: ".$xredir); } ?>
When accessing https, jump to http:
<?php //https转化为http if ($_SERVER["HTTPS"] == "on") { $xredir="http://".$_SERVER["SERVER_NAME"]. $_SERVER["REQUEST_URI"]; header("Location: ".$xredir); } ?>
Just include the above code at the beginning of the web page.