Automatic Redirect to Secure Site

A combination lock Its not that this is really all that hard to do, but a common security issue is to make sure that users are going to a HTTPS version of a site. This code snippet handles automatic redirection of a user from the unsecured version of a page to the secured version.

<!--- See if HTTPS is off --->
<cfif cgi.https eq "off">
    <!--- Get site and path --->
    <cfset location = "https://" & cgi.http_host & cgi.script_name />
    
    <!--- See if there are any URL params --->
    <cfif len(cgi.query_string)>
        <!--- Append the URL params --->
        <cfset location = location & "?" & cgi.query_string />
    </cfif>
    
    <!--- Redirect to the secure verion --->
    <cflocation url="#location#" />
</cfif>

As a side effect, it also blocks POSTs to the unsecured version. I'm not sure if thats a feature or a bug though.

 

Comments

Jon Hartmann, July 2011

I'm Jon Hartmann and I'm a Javascript fanatic, UX/UI evangelist and former ColdFusion master. I blog about mysterious error messages, user interface design questions, and all things baffling and irksome about programming for the web.

Learn more about me.

Post a job. Find one. authenticjobs.com

Interested in becoming a sponsor? Contact me.