vikky 0 Posted July 30, 2018 Report Share Posted July 30, 2018 Hi Greetings, I have implemented the User Account in the second site example. I want a user can search and browse the site without SSL but when the user logsin the entire site must run on SSL and when she logs out again she or any person can use the site without SSL. Kindly give the suggestions how can I do it in a professional way. Thanks in Advance, Quote Link to post Share on other sites
johannsnr 0 Posted July 30, 2018 Report Share Posted July 30, 2018 Hi Vicky, you can accomplish this by implementing rewrite rules. When the user logs in successfully the rewrite rule will switch the site to https, similarly when she logs out the site reverts to http and your login session is destroyed. Quote Link to post Share on other sites
JayAtHome 0 Posted July 30, 2018 Report Share Posted July 30, 2018 Google "Chrome" is wanting all sites to use SSL at all times or will mark pages as not secure. You can still have the site searchable and viewable without signing in if you want it that way. Then when they log in, they get an id number that matches the cart id. (cid) https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl Quote Link to post Share on other sites
vikky 0 Posted August 15, 2018 Author Report Share Posted August 15, 2018 Hi, Thank you johannsnr and JayAtHome for your suggestions and the time you gave to look into the matter. Sir Larry what are your suggestions please. Thank you, Quote Link to post Share on other sites
Larry 428 Posted August 17, 2018 Report Share Posted August 17, 2018 Yeah, arguably using SSL all the time is the best current practice. Use a rewrite rule to force SSL and ensure you're using relative links everywhere so it should stay on HTTPS. Quote Link to post Share on other sites
vikky 0 Posted August 30, 2018 Author Report Share Posted August 30, 2018 Hi Greetings, THANK YOU Larry Sir for the answer. As you have mentioned in your books using SSL puts load on the server. Now my question is for example - - - - - > if I have one server which can handle 100 users at a particular point of time without SSL. How many users that one server can handle approximately with SSL enabled ? Thank You, Quote Link to post Share on other sites
Larry 428 Posted August 31, 2018 Report Share Posted August 31, 2018 SSL does put additional loads on the server, but due to improvements in servers and browsers in recent years, it's not significant. I see numbers as low as a 1-2% additional load for SSL. 1 Quote Link to post Share on other sites
vikky 0 Posted September 3, 2018 Author Report Share Posted September 3, 2018 Sir extreme thanks for the suggestions. Quote Link to post Share on other sites
vikky 0 Posted May 22, 2019 Author Report Share Posted May 22, 2019 Greetings, Sir I asked you about the use of SSL in the site now I want to know how can I use it in the entire site. Below is the given my HTACCESS FILE as it is now - Please guide me how can I modify it so my site can not be accessed without the SSL anywhere. <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine on # For the primary categories: RewriteRule ^shop/(coffee|goodies)/?$ shop.php?type=$1 # For sales: RewriteRule ^shop/sales/?$ /sales.php # For specific products: RewriteRule ^browse/(coffee|goodies)/([A-Za-z\+\-]+)/([0-9]+)/?$ browse.php?type=$1&category=$2&id=$3 # For HTTPS pages: RewriteCond %{HTTPS} off RewriteRule ^(checkout\.php|billing\.php|final\.php|admin/(.*))$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> Thank You Very Much, Quote Link to post Share on other sites
Larry 428 Posted May 22, 2019 Report Share Posted May 22, 2019 If you Google "htaccess force ssl" you'll come across articles that explain this, like this one: https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.