{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 SAY GOODBYE 的问题《Using HTTPS instead of HTTP》','https://www.manongdao.com/q-808562.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a website that user have to loggin to. I want to use HTTPS so make a secure encrypted connection to the server to check the user name and password.
Currently on my server i have a folder called httpdocs, this is where my website is store, i also have a folder called httpsdocs.
Now as i stated my website is stored in httpdocs so logically i would go to http://website.com
But i found that if i go to https://website.com i get a secure connect to the pages stored in httpdocs.
Anyway, my question is, whenever i go to another link i loose the secure connect (URL goes back to http://) So how do i keep it all secure? Would i have to use the full URL in the href because that seems a bit lame instead of just using href=page2.php .
I'm new this area of website developing, but i am experienced in developing if that helps you.
Thanks a bunch for the help.
Some basic tutorials or reading material would be awesome if anyone knows of anything good?
Thanks again.
Do not use
http://foo.com/pathin urls, use//foo.com/pathinstead (or, even better, if you stay on the same server, use/path- it surely works). Doing full urls is bringing redundancy and brittleness. Avoid it.Check out HTTP Strict Transport Security (HSTS): https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
Basically, you can force the browser (unless it's IE<12) to always use HTTPS by adding this header to the secure site's configuration:
This can also be combined with a 301 (PERMANENT) redirect for the non-secure/HTTP site's configuration, also outlined on the above referenced site.
Additionally/Alternatively, you can set the base href on your "website.com" pages by adding something like this towards the top of the
<head>tag:This will set all relative urls on the page (including links, stylesheets, scripts, images, etc.) to use the HTTPS site's root as their base. Depending upon the structure and size of your site, however, you will want to verify for each page that its base href and/or the urls within the page include any necessary path information (i.e. subdirectories). Otherwise a link on http://website.com/some/directory/page.html that points to "otherpage.html" will direct to http://website.com/otherpage.html instead of http://website.com/some/directory/otherpage.html . In such cases you would want either a base href of "http://website.com/some/directory/" or the relative url in the link should point to either "/some/directory/page.html" or "some/directory/page.html" (no slash needed in this case).
To answer your question in the comments you should use mod_rewrite (assuming its enabled):
that will send any webpage to https.