HTTP to HTTPS redirect

Posted At : 28 July 2008 14:12 | Posted By : Glyn Jackson
Related Categories: Security, ColdFusion

In some of my applications I only want the user to connect on a Secure Sockets Layer (SSL). I have already installed my SSL Cert and need to know how to force any traffic not on SSL to be on SSL.

An example of when you may want to do this could be when a user on your site is entering sensitive information such as credit card details.

Its not good to rely on the fact you have taken them via a post to a https page, your user could change the URL or gets to your page in a different way. You should always make sure they are on a SSL.

Note: The example below will depend on the particular cgi variables available on your own server .

secureSSL.cfc

view plain print about
1<cffunction name="securePageThisPage">
2 <cfif CGI.SERVER_PORT NEQ "443">
3 <cfoutput>true dasasdsd sdsd sds d </cfoutput>
4 <cflocation url="https://#cgi.server_name##cgi.script_name#?#cgi.query_string#" addtoken="no">
5 </cfif>
6</cffunction>

Then on any page you want to secure just create the cfc and run the function. In my case its something like this...

view plain print about
1securityCFC = createobject("component", "mycfcLib.secureLib");
2securityCFC.securePageThisPage();
Comments Comments (0) | Print Print | Send Send | 1372 Views | Bookmark and Share

Related Blog Entries

TweetBacks
Comments

There are no comments for this entry.

[Add Comment] [Subscribe to Comments]
 

About Me

Glyn Jackson, 28 years old, MD and senior developer of a development firm based in Staffordshire called Newebia Ltd. Academic background in BSc Information System & Internet Commerce. Online marketing expert (EE Ranked) and .NET developer. Has been developing with ColdFusion for 5 years and loves it. "I am not a veteran in ColdFusion but I do work on challenging projects which help me learn more about ColdFusion and if I can contribute to the community in anyway then, it's all good!"

Recommends

  • ColdFusion