vikky 0 Report post Posted July 30, 2018 Hi Greetings, I have implemented the User Account in the second site example. I want a user can search and browse the site without SSL but when the user logsin the entire site must run on SSL and when she logs out again she or any person can use the site without SSL. Kindly give the suggestions how can I do it in a professional way. Thanks in Advance, Quote Share this post Link to post Share on other sites
johannsnr 0 Report post Posted July 30, 2018 Hi Vicky, you can accomplish this by implementing rewrite rules. When the user logs in successfully the rewrite rule will switch the site to https, similarly when she logs out the site reverts to http and your login session is destroyed. Quote Share this post Link to post Share on other sites
JayAtHome 0 Report post Posted July 30, 2018 Google "Chrome" is wanting all sites to use SSL at all times or will mark pages as not secure. You can still have the site searchable and viewable without signing in if you want it that way. Then when they log in, they get an id number that matches the cart id. (cid) https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl Quote Share this post Link to post Share on other sites
vikky 0 Report post Posted August 15, 2018 Hi, Thank you johannsnr and JayAtHome for your suggestions and the time you gave to look into the matter. Sir Larry what are your suggestions please. Thank you, Quote Share this post Link to post Share on other sites
Larry 422 Report post Posted August 17, 2018 Yeah, arguably using SSL all the time is the best current practice. Use a rewrite rule to force SSL and ensure you're using relative links everywhere so it should stay on HTTPS. Quote Share this post Link to post Share on other sites
vikky 0 Report post Posted August 30, 2018 Hi Greetings, THANK YOU Larry Sir for the answer. As you have mentioned in your books using SSL puts load on the server. Now my question is for example - - - - - > if I have one server which can handle 100 users at a particular point of time without SSL. How many users that one server can handle approximately with SSL enabled ? Thank You, Quote Share this post Link to post Share on other sites
Larry 422 Report post Posted August 31, 2018 SSL does put additional loads on the server, but due to improvements in servers and browsers in recent years, it's not significant. I see numbers as low as a 1-2% additional load for SSL. 1 Quote Share this post Link to post Share on other sites
vikky 0 Report post Posted September 3, 2018 Sir extreme thanks for the suggestions. Quote Share this post Link to post Share on other sites
vikky 0 Report post Posted May 22 Greetings, Sir I asked you about the use of SSL in the site now I want to know how can I use it in the entire site. Below is the given my HTACCESS FILE as it is now - Please guide me how can I modify it so my site can not be accessed without the SSL anywhere. <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine on # For the primary categories: RewriteRule ^shop/(coffee|goodies)/?$ shop.php?type=$1 # For sales: RewriteRule ^shop/sales/?$ /sales.php # For specific products: RewriteRule ^browse/(coffee|goodies)/([A-Za-z\+\-]+)/([0-9]+)/?$ browse.php?type=$1&category=$2&id=$3 # For HTTPS pages: RewriteCond %{HTTPS} off RewriteRule ^(checkout\.php|billing\.php|final\.php|admin/(.*))$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> Thank You Very Much, Quote Share this post Link to post Share on other sites
Larry 422 Report post Posted May 22 If you Google "htaccess force ssl" you'll come across articles that explain this, like this one: https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/ Quote Share this post Link to post Share on other sites
