Discussions

HTTPS/SSL Redirect using htaccess

There have been several posts on this forum debating how and when to redirect to HTTPS pages during the commerce process.

I hope this debate continues and several worthy options appear. The discussion thus far has been between redirecting only during the checkout process (/checkout/*) or immediately upon visit of the site.

Redirecting during checkout is problematic, in my experience, due to the lose of the checkout session. I have, unfortunately, not been able to overcome that issue. So, to avoid that problem, for now, I have decided to redirect my entire site, as suggested by rfay, to HTTPS using htaccess.

There are, of course, obvious implications that are very concerning to me when redirecting all pages. SEO and site performance being the main problems.

I have tried using the Secure Pages module, but not successfully. If someone is successfully using this module with Commerce, I would like to know.

So, for now this is the code I am using:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You may already have RewriteEngine On- if so, just leave it out.

This appears to be working well for my site, but I would greatly appreciate if someone who is more knowledgeable on this topic to chime in with improvements.

Posted: Oct 31, 2011

Comments

scott.carlton on November 1, 2011

Ya this has been a huge issue for me too. Currently I have all my pages using https with secure pages, but would love to be able to redirect only when need. Of course, currently as you said, the session is lost. Subscribe.

henryv on December 28, 2011

...I tried putting in the suggested code for the .htaccess file.

After doing so, it looks like the css for the site suddenly stopped being read, so that things appeared very primitive and lumpy indeed. Is there something I need to change in order for the css to still be applied?

Thanks!