On Mon, 15 Nov 2004 18:16:34 +0000, Joshua Beall wrote:
Hi All,
I've seen many references to the $_SERVER['HTTPS'] variable, which is set to
the string 'on' when the client is connected via HTTPS rather than regular
HTTP. However, I have been unable to find any references to it in the
official PHP documentation (many times in the user contributed notes,
though).
Often, undocumented features go away with future releases, since "nobody
should have been using them anyway," etc. For this reason I am concerned
about using this variable in order to determine if the client is connected
via HTTPS. Is there a better way? Or should I not be concerned about the
variable disappearing/getting renamed?
Sincerely,
-Josh
Hello Josh,
Please check this page:
http://es2.php.net/reserved.variables
Quote:
"$_SERVER is an array containing information such as headers, paths, and
script locations. The entries in this array are created by the webserver.
There is no guarantee that every webserver will provide any of these;
servers may omit some, or provide others not listed here. That said, a
large number of these variables are accounted for in the CGI 1.1
specification, so you should be able to expect those."
This basically means that PHP itself has nothing to do with this variable,
since it's up to the webserver to set it or not. Apparently mod_ssl does
set this variable, so you would have to watch this module if it changes or
removes the HTTPS environment variable.
One other way would be to check on which port the user is connected to,
usually port 443 is always https--but then again, it doesn't have to be.
So if it was up to me, I would check the $_SERVER['HTTPS'] setting rather
than the port. Just make sure that your scripts are running on servers
that do use mod_ssl.
DrTebi