Jump to content
Larry Ullman's Book Forums
vikky

Regarding User Account in Second Site

Recommended Posts

Hi Greetings,

 

I have implemented the User Account in the second site example.

I want a user can search and browse the site without SSL but when the user logsin the entire site must run on SSL and when she logs out again she or any person can use the site without SSL.

Kindly give the suggestions how can I do it in a professional way.

Thanks in Advance,

Share this post


Link to post
Share on other sites

Hi Vicky, you can accomplish this by implementing rewrite rules. When the user logs in successfully the rewrite rule will switch the site to https, similarly when she logs out the site reverts to http and your login session is destroyed.

Share this post


Link to post
Share on other sites

Google "Chrome" is wanting all sites to use SSL at all times or will mark pages as not secure.
You can still have the site searchable and viewable without signing in if you want it that way.
Then when they log in, they get an id number that matches the cart id. (cid)

https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

Share this post


Link to post
Share on other sites

Hi,

         Thank you johannsnr and JayAtHome for your suggestions and the time you gave to look into the matter.

         Sir Larry what are your suggestions please.

Thank you,

Share this post


Link to post
Share on other sites

Yeah, arguably using SSL all the time is the best current practice. Use a rewrite rule to force SSL and ensure you're using relative links everywhere so it should stay on HTTPS.

Share this post


Link to post
Share on other sites

Hi Greetings,

THANK YOU Larry Sir for the answer.

As you have mentioned in your books using SSL puts load on the server.

Now my question is for example - - - - - > if I have one server which can handle 100 users at a particular point of time without SSL.

How many users that one server can handle approximately with SSL enabled ?

Thank You,

Share this post


Link to post
Share on other sites

SSL does put additional loads on the server, but due to improvements in servers and browsers in recent years, it's not significant. I see numbers as low as a 1-2% additional load for SSL. 

  • Like 1

Share this post


Link to post
Share on other sites

Greetings,

Sir I asked you about the use of SSL in the site now I want to know how can I use it in the entire site.

Below is the given my HTACCESS FILE as it is now - Please guide me how can I modify it so my site can not be accessed without the SSL anywhere.

 

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine on

# For the primary categories:
RewriteRule ^shop/(coffee|goodies)/?$ shop.php?type=$1

# For sales:
RewriteRule ^shop/sales/?$ /sales.php

# For specific products:
RewriteRule ^browse/(coffee|goodies)/([A-Za-z\+\-]+)/([0-9]+)/?$ browse.php?type=$1&category=$2&id=$3

# For HTTPS pages:
RewriteCond %{HTTPS} off
RewriteRule ^(checkout\.php|billing\.php|final\.php|admin/(.*))$ https://%{HTTP_HOST}/$1 [R=301,L]

</IfModule>

 

Thank You Very Much,

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...