Can someone share their best practices regarding transitioning between HTTP and HTTPS protected resources?

For example, consider a page with several tabs - one of which is linked to a shopping cart. The shopping cart should be protected with HTTPS whereas the other tabs should not. It's not hard to make the shopping cart link https:// but once at the shopping cart page, all links back to non-SSL protected resources would need to be emitted (or rewritten) as full non-HTTPS URLs. And that's not really desirable anyway since many browsers can flag such pages as non-fully protected.

One relatively simple solution is to maintain a list of protected resources and then redirect the client to HTTPS if the target is to be protected and the client is not already under HTTPS. If the route does not match and the client is under HTTPS then they are redirected back. The downside is that the redirection is not terribly efficient.

How do you handle this scenario?

Mike
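
The redirect scheme described in the message above, sketched as a PHP front-controller check. This is an added example, not code from the original post; the host name, the path prefixes and the function names are assumptions made for illustration.

```php
<?php
// Added example. CANONICAL_HOST and PROTECTED_PREFIXES are hypothetical values.
const CANONICAL_HOST = 'shop.example.com';          // fixed; never built from the Host header
const PROTECTED_PREFIXES = ['/cart', '/checkout'];  // routes that must be served over HTTPS

/** True when $path equals a protected prefix or lies beneath one. */
function is_protected_path(string $path): bool
{
    foreach (PROTECTED_PREFIXES as $prefix) {
        if ($path === $prefix || strpos($path, $prefix . '/') === 0) {
            return true;
        }
    }
    return false;
}

/** URL to redirect to, or null when the request is already on the right scheme. */
function scheme_redirect_target(string $method, string $requestUri, bool $isHttps): ?string
{
    // A redirect drops the request body, so only GET and HEAD are redirected.
    if ($method !== 'GET' && $method !== 'HEAD') {
        return null;
    }
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '' || $path[0] !== '/') {
        return null; // malformed request URI: leave it to normal error handling
    }
    $mustBeHttps = is_protected_path($path);
    if ($mustBeHttps === $isHttps) {
        return null; // scheme already matches the list
    }
    // Rebuild the URL from the parsed path and query on the fixed host, so a
    // forged Host header or a "//other-host" request URI cannot steer the redirect.
    $query = parse_url($requestUri, PHP_URL_QUERY);
    return ($mustBeHttps ? 'https' : 'http') . '://' . CANONICAL_HOST
        . $path . (is_string($query) ? '?' . $query : '');
}

if (PHP_SAPI !== 'cli') {
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $target = scheme_redirect_target($_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'], $isHttps);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit;
    }
}
```

Cookies set on the protected pages still need the Secure flag, otherwise the browser sends them in clear text once the client is redirected back to HTTP.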