Problem

I want to force a website user onto HTTPS when they are entering sensitive information.

Solution

Depending on which CGI variables are available, you could use CFLOCATION.

Detailed explanation

The code below checks which port the user is on and, if it is not 443 (typically HTTPS), redirects the client back to HTTPS.

Note: unless you persist your variables, any FORM or URL data sent in the scope will be lost.

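<!--- Redirect to the same script and query string over HTTPS when the request did not arrive on port 443 --->
<cfif CGI.SERVER_PORT NEQ "443">
    <cflocation
        url="https://#cgi.server_name##cgi.script_name#?#cgi.query_string#"
        addtoken="no">
</cfif>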

Putting the above code on a .cfm page will always redirect to HTTPS (see comments). However, if you only want selected pages to be on HTTPS, you could use the onRequestStart function in Application.cfc to detect the template and redirect accordingly.

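<!--- Pages that must be served over HTTPS --->
<cfset httpsPage = "cart.cfm,login.cfm">

<cfif CGI.SERVER_PORT NEQ 443>
    <!--- ListFindNoCase matches whole list items only; ListContains would also match substrings such as "art.cfm" --->
    <cfif ListFindNoCase(httpsPage, GetFileFromPath(CGI.SCRIPT_NAME), ",")>
        <cflocation
            url="https://#cgi.server_name##cgi.script_name#?#cgi.query_string#"
            addtoken="no">
    </cfif>
</cfif>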
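
The Application.cfc approach described above, written out as a complete component. This is an added example, not code from the original recipe. The application name and the canonicalHost value are assumptions (placeholders); the host is taken from configuration because CGI.SERVER_NAME can reflect the Host header sent by the client, and the "?" is appended only when a query string exists.

```cfml
<!--- Application.cfc (added example; application name and canonicalHost are placeholders) --->
<cfcomponent output="false">
    <cfset this.name = "httpsRedirectExample">

    <!--- Pages that must be served over HTTPS (same list as in the recipe) --->
    <cfset variables.httpsPages = "cart.cfm,login.cfm">

    <!--- Assumed canonical host name: replace with the site's real host --->
    <cfset variables.canonicalHost = "www.example.com">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">

        <!--- File name of the requested template, e.g. "cart.cfm" --->
        <cfset var page = GetFileFromPath(CGI.SCRIPT_NAME)>
        <cfset var target = "">

        <!--- Exact, case-insensitive match against the list; only act on non-HTTPS requests --->
        <cfif ListFindNoCase(variables.httpsPages, page, ",") AND CGI.SERVER_PORT NEQ 443>
            <!--- Build the target from the configured host, not from request data --->
            <cfset target = "https://" & variables.canonicalHost & CGI.SCRIPT_NAME>

            <!--- Append the query string only when one was sent --->
            <cfif Len(CGI.QUERY_STRING)>
                <cfset target = target & "?" & CGI.QUERY_STRING>
            </cfif>

            <cflocation url="#target#" addtoken="no">
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because onRequestStart runs before every template in the application, pages outside the list are served unchanged and no per-page redirect code is needed.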

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Permissions beyond the scope of this license, pertaining to the examples of code included within this work are available at Adobe.
