I have a web application that we need to force SSL for, but only when the user is logged in. Unfortunately, the login page is the same URL as the web application when a user is logged in.
I had the following rewrite for skipping SSL when the URL was simply / or /signup, but that fails because a) when a user is logged in, they may still be at / and not have any forced SSL and b) when a user visits signup with an invite key, like signup?invite=123abc, the pattern fails.
#RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
#RewriteCond %{SERVER_PORT} !^443
#RewriteCond %{REQUEST_URI} !^(/|signup)$
#RewriteRule (.*) https://mysite.com/$1 [R=301,L]
It feels like forcing SSL in Apache is faster than from my PHP application, but I'm not sure of the best way to resolve this.
Thanks!
Depending on the language you are using server-side, it may be easier to do it in that rather than use a rewrite rule, since your server-side program would know that the user is logged in. Some pseudocode:
If user is logged in and request URL begins http then redirect to https.
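The pseudocode above written out in PHP, as an added example that is not part of the original answer. The session key `user_id` is an assumption about how the application records a login; the host `mysite.com` is taken from the question's rewrite rule.

```php
<?php
// Added example; names marked "assumed" do not come from the original post.

const CANONICAL_HOST   = 'mysite.com'; // host from the question's rewrite rule
const SESSION_USER_KEY = 'user_id';    // assumed: key the application sets at login

/** True when the current request arrived over TLS. */
function request_is_https(array $server): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

/** Returns the HTTPS URL to redirect to, or null when no redirect is needed. */
function https_redirect_target(array $server, array $session): ?string
{
    $loggedIn = !empty($session[SESSION_USER_KEY]);
    if (!$loggedIn || request_is_https($server)) {
        return null; // logged-out visitors and requests already on TLS pass through
    }

    // REQUEST_URI holds path and query string, so /signup?invite=123abc
    // is preserved across the redirect.
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/'; // anything that is not a plain path falls back to the root
    }

    // Build the target from a fixed host, never from the client-supplied
    // Host header, so the redirect cannot be pointed at another site.
    return 'https://' . CANONICAL_HOST . $uri;
}

session_start();
$target = https_redirect_target($_SERVER, $_SESSION);
if ($target !== null) {
    // 302 rather than 301: the decision depends on login state, and a cached
    // permanent redirect would also send logged-out visitors to HTTPS.
    header('Location: ' . $target, true, 302);
    exit;
}
```

This check only works if the session cookie is sent on the plain-HTTP request, so the cookie cannot carry the Secure flag and is exposed on that request before the redirect happens.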