Use PHP to check if page was accessed with SSL

前端未结

关注

 8  932

迷失自我 2020-12-05 13:04

Is there a way to check if the current page was opened with SSL? For example, I want my login page (login.php) to check if it was accessed using SSL (https://mywebserver.com

8条回答

挽巷 (楼主)

2020-12-05 13:37
Another method is to check for the existence of HTTPS cookies. First your server needs to send the browser a cookie with the secure flag:
```
Set-Cookie:some_key=some_value;secure
```
After your server has sent the browser the cookie, whenever the browser requests a page from your server, it will send along the secure cookie some_key=some_value only if it is requesting a HTTPS page. This means that if you see the existence of the cookie some_key=some_value you know that the browser is requesting a HTTPS page. Voila!

Browser support is very good, as this is fundamental to security. Browsers without support for HTTPS cookies are Firesheepable when users request pages from non-HSTSed domains.

For more info, see:
- https://httpsnow.org/help/securecookies
- https://www.owasp.org/index.php/SecureFlag#Overview
- https://stackoverflow.com/a/13730187/632951
- https://security.stackexchange.com/q/100/2379
0 讨论(0)

查看其它8个回答
发布评论:

提交评论
- 加载中...