By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,497 Members | 1,287 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,497 IT Pros & Developers. It's quick & easy.

$_SERVER['HTTPS'] - undocumented feature?

P: n/a
Hi All,

I've seen many references to the $_SERVER['HTTPS'] variable, which is set to
the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).

Often, undocumented features go away with future releases, since "nobody
should have been using them anyway," etc. For this reason I am concerned
about using this variable in order to determine if the client is connected
via HTTPS. Is there a better way? Or should I not be concerned about the
variable disappearing/getting renamed?

Sincerely,
-Josh
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On Mon, 15 Nov 2004 18:16:34 +0000, Joshua Beall wrote:
Hi All,

I've seen many references to the $_SERVER['HTTPS'] variable, which is set to
the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).

Often, undocumented features go away with future releases, since "nobody
should have been using them anyway," etc. For this reason I am concerned
about using this variable in order to determine if the client is connected
via HTTPS. Is there a better way? Or should I not be concerned about the
variable disappearing/getting renamed?

Sincerely,
-Josh


Hello Josh,
Please check this page:
http://es2.php.net/reserved.variables

Quote:
"$_SERVER is an array containing information such as headers, paths, and
script locations. The entries in this array are created by the webserver.
There is no guarantee that every webserver will provide any of these;
servers may omit some, or provide others not listed here. That said, a
large number of these variables are accounted for in the CGI 1.1
specification, so you should be able to expect those."

This basically means that PHP itself has nothing to do with this variable,
since it's up to the webserver to set it or not. Apparently mod_ssl does
set this variable, so you would have to watch this module if it changes or
removes the HTTPS environment variable.

One other way would be to check on which port the user is connected to,
usually port 443 is always https--but then again, it doesn't have to be.
So if it was up to me, I would check the $_SERVER['HTTPS'] setting rather
than the port. Just make sure that your scripts are running on servers
that do use mod_ssl.

DrTebi
Jul 17 '05 #2

P: n/a
*** Joshua Beall wrote/escribió (Mon, 15 Nov 2004 18:16:34 GMT):
I've seen many references to the $_SERVER['HTTPS'] variable, which is set to
the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).


These environment variables are created by the SSL module:

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25
--
-- Álvaro G. Vicario - Burgos, Spain
-- Thank you for not e-mailing me your questions
--
Jul 17 '05 #3

P: n/a
"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message
news:6o6md.7395$pP5.5571@trnddc05...
Hi All,

I've seen many references to the $_SERVER['HTTPS'] variable, which is set to the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).

Often, undocumented features go away with future releases, since "nobody
should have been using them anyway," etc. For this reason I am concerned
about using this variable in order to determine if the client is connected
via HTTPS. Is there a better way? Or should I not be concerned about the
variable disappearing/getting renamed?


$_SERVER entries are set by the web server. The HTTPS element is set by
Apache modssl. You can find that documented here
(http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25) which I found by
looking in the notes attached to the $_SERVER variable documentation at
(http://us2.php.net/manual/en/reserve...variables.serv
er)

- Virgil
Jul 17 '05 #4

P: n/a
Dear sir,

https means if your host is a secure server, not the client is connected via
https. it is not undocumented and it is visible in the phpinfo().
$_SERVER['HTTPS'] merely mentions if the server is secure or not and
effectively you can use the server as a secure server.

people do use it and it is an important function. otherwise they would not
have it there.

i think if variables disappear, they are not needed in the first place. at
this moment, i do not think it is any reason to panic.

thanking you

sumeet shroff
"Joshua Beall" <jb****@donotspam.remove.me.heraldic.us> wrote in message
news:6o6md.7395$pP5.5571@trnddc05...
Hi All,

I've seen many references to the $_SERVER['HTTPS'] variable, which is set to the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).

Often, undocumented features go away with future releases, since "nobody
should have been using them anyway," etc. For this reason I am concerned
about using this variable in order to determine if the client is connected
via HTTPS. Is there a better way? Or should I not be concerned about the
variable disappearing/getting renamed?

Sincerely,
-Josh

Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.