I’m building a mixed https/http website using PHP. When the user logs in (via

Question

0

Asked: May 28, 20262026-05-28T04:43:11+00:00 2026-05-28T04:43:11+00:00

I’m building a mixed https/http website using PHP. When the user logs in (via

0

I’m building a mixed https/http website using PHP. When the user logs in (via https) I set a secure cookie with the username and session. After logging in (so once the cookie is set) I want to redirect all traffic to https as there is user specific content on each page once logged in. Originally I had the website set up to use only https, but after searching around for a bit it seems that it is better to use SSL only when needed (so when users are not logged in http would be used). Can I achieve this using PHP/javascript or by adding some command regarding cookies to my .htaccess file? Thanks in advance!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T04:43:12+00:00

This is assuming you have configured your sessions to work only over HTTPS, otherwise, this is just pretend-security (use session.cookie_secure).

You can also set a (http, not https) cookie on login:

setcookie('wantshttps','true',0,'/');

And in .htaccess:

RewriteCond %{HTTP_COOKIE} wantshttps=true
RewriteCOnd %{HTTPS} !on
RewriteCOnd %{REQUEST_METHOD} !POST
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,QSA]

So remember to set it to false or unset it if you detect the cookie to be ‘true’, but a non-logged in user (session expired and the like).

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m building a mixed https/http website using PHP. When the user logs in (via

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply