Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion SSL certificates and session variables
SSL certificates and session variables
  • El Forum
    Guest
  •  
#1
04-13-2011, 08:27 PM

[eluser]dadamssg87[/eluser]
Hi all,

I've been developing with CodeIgniter for a few months. Now i'm trying to start understanding how to implement an SSL certificate to develop an ecommerce site. I've read a few of other threads about the topic.

It seems that you can have a non secure directory that holds all your codeigniter files, an https secure directory to hold js, css, images, and a second copy of your codeigniter. The idea being that you would use the unsecure codeigniter to add products to your shopping cart then once you're ready to check out you would link it to the https directory to checkout. And you would need to modrewrite your .htaccess file to make sure any attempts to access, say, http://example.com/index.php/checkout/index, it would get redirected to httpS://example.com/index.php/checkout/index.

My question is: Will the codeigniter session variables(shopping cart) hold up when transferring from http to https?
  • El Forum
    Guest
  •  
#2
04-14-2011, 12:40 AM

[eluser]WanWizard[/eluser]
Cookies are linked to the site based on the domain name and the path configured. If they're the same for both CI instances, there's no problem.
  • El Forum
    Guest
  •  
#3
04-14-2011, 12:42 AM

[eluser]dadamssg87[/eluser]
awesome, thanks
  • El Forum
    Guest
  •  
#4
04-14-2011, 07:43 AM

[eluser]InsiteFX[/eluser]
You also need to have a dedicated ip address to use SSL
  • El Forum
    Guest
  •  
#5
04-14-2011, 09:54 AM

[eluser]WanWizard[/eluser]
[quote author="InsiteFX" date="1302806583"]You also need to have a dedicated ip address to use SSL[/quote]
Not necessarily.

There is an extension to the SSL protocol called Server Name Indication (RFC 4366), which allows the client to include the requested hostname in the first message of its SSL handshake (connection setup). This allows the server to determine the correct named virtual host for the request and set the connection up accordingly from the start.

With SNI, you can have many virtual hosts sharing the same IP address and port, and each one can have its own unique certificate (and the rest of the configuration).

This should work with mod_ssl as of Apache 2.2.12. However, this option is only available if httpd was compiled against an SNI capable version of OpenSSL, so you might have to start compiling...

(also, not every browser supports this, in particlar IE6, and IE7 only from Vista onwards).
  • El Forum
    Guest
  •  
#6
04-14-2011, 10:41 AM

[eluser]InsiteFX[/eluser]
Then what good is it if it doe's not run on all broswers and needs to be compiled in?

My hosting provider requries a dedicated ip for SSL!

InsiteFX
  • El Forum
    Guest
  •  
#7
04-15-2011, 02:26 AM

[eluser]WanWizard[/eluser]
That's the problem with SNI. And that's why you hardly see it used.

No matter how you look at it, IE6 sucks and blocks progress... :;




Theme © iAndrew 2016 - Forum software by © MyBB