: Can a HTML form submit to a secure SSL location that keeps the user on the HTTPS site? I've enabled SSL for my Apache server so when I attempt to go to https://example.com/private/index.html,
I've enabled SSL for my Apache server so when I attempt to go to example.com/private/index.html, my browser displays a generic dialog asking me to provide my username and password to log in.
How does one use an HTML form to start a secure session? For example, do I need to set the action to a PHP script that can somehow start the same secure session that Apache uses?
This is an acceptable solution; however, I'd like to finesse things a bit by making a login page with an HTML form that would somehow start the SSL session and then take me to example.com/private/index.html. How would one do that?
More posts by @Cooney921
1 Comments
Sorted by latest first Latest Oldest Best
A form on an web page can submit to a secure location. You would need to set the action on that form to a full absolute URL like so:
<form method=POST action="https://example.com/private/login.php">
If you want to ensure that your entire "private" subdirectory is only available with SSL, you can configure your server to redirect when it detects that the URL is not HTTPS. For example, here is some code that can be put in a .htaccess file to do so:
RewriteCond %{HTTPS} off
RewriteRule ^(private/.*)$ %{HTTP_HOST}%{REQUEST_URI} [L,R=301]
To prevent the user that is on the SSL site from clicking on a link to that takes them to a non-secure page, you can always use relative internal links. I prefer to use links that start with a slash like <a href="/private/index.html"> That will preserve the host and protocol and allow the user to access the page with whichever they are currently using. Like the form action, you can change it to an absolute HTTPS link to switch them over to ssl.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.