vikky Posted July 30, 2018 Share Posted July 30, 2018 Hi Greetings, I have implemented the User Account in the second site example. I want a user can search and browse the site without SSL but when the user logsin the entire site must run on SSL and when she logs out again she or any person can use the site without SSL. Kindly give the suggestions how can I do it in a professional way. Thanks in Advance, Link to comment Share on other sites More sharing options...
johannsnr Posted July 30, 2018 Share Posted July 30, 2018 Hi Vicky, you can accomplish this by implementing rewrite rules. When the user logs in successfully the rewrite rule will switch the site to https, similarly when she logs out the site reverts to http and your login session is destroyed. Link to comment Share on other sites More sharing options...
JayAtHome Posted July 30, 2018 Share Posted July 30, 2018 Google "Chrome" is wanting all sites to use SSL at all times or will mark pages as not secure. You can still have the site searchable and viewable without signing in if you want it that way. Then when they log in, they get an id number that matches the cart id. (cid) https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl Link to comment Share on other sites More sharing options...
vikky Posted August 15, 2018 Author Share Posted August 15, 2018 Hi, Thank you johannsnr and JayAtHome for your suggestions and the time you gave to look into the matter. Sir Larry what are your suggestions please. Thank you, Link to comment Share on other sites More sharing options...
Larry Posted August 17, 2018 Share Posted August 17, 2018 Yeah, arguably using SSL all the time is the best current practice. Use a rewrite rule to force SSL and ensure you're using relative links everywhere so it should stay on HTTPS. Link to comment Share on other sites More sharing options...
vikky Posted August 30, 2018 Author Share Posted August 30, 2018 Hi Greetings, THANK YOU Larry Sir for the answer. As you have mentioned in your books using SSL puts load on the server. Now my question is for example - - - - - > if I have one server which can handle 100 users at a particular point of time without SSL. How many users that one server can handle approximately with SSL enabled ? Thank You, Link to comment Share on other sites More sharing options...
Larry Posted August 31, 2018 Share Posted August 31, 2018 SSL does put additional loads on the server, but due to improvements in servers and browsers in recent years, it's not significant. I see numbers as low as a 1-2% additional load for SSL. 1 Link to comment Share on other sites More sharing options...
vikky Posted September 3, 2018 Author Share Posted September 3, 2018 Sir extreme thanks for the suggestions. Link to comment Share on other sites More sharing options...
vikky Posted May 22, 2019 Author Share Posted May 22, 2019 Greetings, Sir I asked you about the use of SSL in the site now I want to know how can I use it in the entire site. Below is the given my HTACCESS FILE as it is now - Please guide me how can I modify it so my site can not be accessed without the SSL anywhere. <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine on # For the primary categories: RewriteRule ^shop/(coffee|goodies)/?$ shop.php?type=$1 # For sales: RewriteRule ^shop/sales/?$ /sales.php # For specific products: RewriteRule ^browse/(coffee|goodies)/([A-Za-z\+\-]+)/([0-9]+)/?$ browse.php?type=$1&category=$2&id=$3 # For HTTPS pages: RewriteCond %{HTTPS} off RewriteRule ^(checkout\.php|billing\.php|final\.php|admin/(.*))$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> Thank You Very Much, Link to comment Share on other sites More sharing options...
Larry Posted May 22, 2019 Share Posted May 22, 2019 If you Google "htaccess force ssl" you'll come across articles that explain this, like this one: https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/ Link to comment Share on other sites More sharing options...
Recommended Posts