Redirection Code for SSL

This is just some fluff, but one method that I use for checking if something is being viewed over SSL or not is to check the CGI.SERVER_PORT variable. SSL typically runs on port 443. So doing the following check will easily tell you if you're script is being viewed over SSL or not ,and you don't have to worry about doing any text comparisons.

<cfif NOT CGI.SERVER_PORT EQ 443 >
<cflocation url="#somwhere#" >
</cfif>


Of course a much better way to do this would be to do what I do for all projects I work on. Use configuration values!!! I always set 3 Application variables for every project I work on, they are:

<cfset application.webRoot=" http://#CGI.SERVER_NAME#" >
<cfset application.sslRoot="https://#CGI.SERVER_NAME#" >
<cfset application.sslPort=443 >

<cfif NOT CGI.SERVER_PORT EQ application.sslPort >
<cflocation url="#application.sslRoot#" >
</cfif>


And if I need a URL or FORM to point to my SSL site, then I write these URLs as:

#Application.sslRoot#/order/process.cfm

and of course to get back OUT of SSL and into regular HTTP, write your links as: #Application.webRoot#/index.cfm


The default values for the 3 config values above usually suffice just fine, but if you're roots are different, then it takes only a second to change them and have it propogate throughout your application instantly if you used the config values properly. I have found this technique VERY convenient to aid in testing since the site I'll have setup on my local development machine is always "test.<domain.com>" so when it comes time to actually put my configuration LIVE and into production after doing all my testing, I don't have to modify 50 files, I just replace the "test." with "www." and I"m set. This technique also helps if you don't have SSL installed on your test/local machine. For testing purposes you can set the SSL port to 80, and the sslRoot to "HTTP" (not HTTPS) and you'll be able to easily test out that parts that would normally be under SSL over HTTP while in test mode.