from within a php connection is there any way to (reliably) verify that a user has requested the page via an SSL connection?

i expected the $HTTP_SERVER_VARS['SERVER_PROTOCOL'] would contain something about https, however it always reports http/1.1, regardless of whether the actual connection is http or https ...

any replies would be greatly appreciated!

good question.

I hope someone can answer it because I'm interested too.

*bump*

$_SERVER['SERVER_PORT]

^ you might assume any connection to port 443 is SSL - if you're running it on the standard port.

--

Now that I access my site via https, it seems that php has a bunch of SSL vars available to you.

eg: $_SERVER['HTTPS']
$_SERVER['SSL_CIPHER']
$_SERVER['SSL_SESSION_ID']


php 4.2.3 btw.

-r

$HTTPS works like a champ ... it is set when the connection is SSL and not set otherwise. checking the port was also a good idea, but it seems less safe to me, so i'll go with checking $HTTPS

thanks,
stoe

Just be careful about using the old vars like $HTTPS, $PHP_SELF and so on. Sooner or later they wont be available and you'll need to refer to the $_SERVER super global.

-r

thanks for the warning, however the server i had to write the project on uses an old version of PHP 4 prior to $_SERVER being available.