1

I have this code as the src in an img tag.

$this->getSkinUrl('images/mobile-logo.png',array('_forced_secure'=>true)); 

If I clear the cache, then immediately load a secure page, it loads with https and stays that way until the cache is cleared. If I load a http page right after clearing the cache, then it loads with http, and again stays that way until the cache is cleared. I have a cron job that refreshes the cache so I can't always be there to be the first person to load a page following the refresh. I have tried both '_forced_secure' and '_secure'. Just looking for a dependable way to load over https when the page is secure, without hard-coding it in or disabling caching. And I'm fine if it always loads over https, but mainly need it to when the page is secure so that my lock icon stays as green as cash.

2
  • In which block is this? Also are you using some FPC extension? Commented Jan 23, 2015 at 20:33
  • No caching extension involved. It's in the header, it's a responsive design so I have 2 logos, the regular logo ($this->getLogoSrc();) loads using whatever protocol is being used, but the mobile logo ($this->getSkinUrl('images/mobile-logo.png',array('_forced_secure'=>true));) gets stuck as http or stuck as https depending on how it is loaded the first time after caching Commented Feb 27, 2015 at 21:27

2 Answers

0

Personally, if you have your certificate in place I would always load the entire site through https. It makes for a better user experience as the user isn't going from secure to unsecure to secure, etc. Also, Google is putting more and more weight on having a secure site, so having the whole thing served over https should be a benefit there as well.

Go to System->Configuration->Web->Unsecure and set the base url to be https://your-url-here.com

That will force the entire site through https, so you don't have to worry about it on a case by case basis.

Edit - btw also fill in the details in System->Configuration->Web->Secure, including Use Secure URLs in Frontend = Yes

3
  • I do that with most sites, can't with Magento though. Ever notice what happens when someone links to your site without the https? If you have it set up like that, forcing https, people need to link to you using https. So if some other site links to http://your-domain.com/gift-card then Magento will redirect them to https://your-domain.com and completely wipe out the rest of the url. The only way for people to link to anything beyond your homepage is to explicitly link to https://your-domain.com/gift-card, and that's asking a lot from other internet users. Commented Feb 27, 2015 at 21:32
  • We haven't had any issues, and the site I have in mind has 30,000 products and puts out 7 feeds, with probably 100 products per day picked up by or submitted to deals sites by users. From my experience, if someone is linking to our site the chances that they are manually typing in the link are somewhere between slim and none. Commented Feb 28, 2015 at 0:26
  • There is a ton of PR for the sites I build, and the journalists almost always strip stuff off the front of the links, like the https and www, and then never check to see if they work before publishing. They are our most valuable links, even though it's only 20-30 per year, and journalists are some of the least tech savvy users so if we sent all of that traffic to the homepage we'd be losing a lot. Most users don't think that part of the url matters, because most sites handle it correctly. Magento doesn't, so you just need to use https sparingly, which is fine but results in issues like my OP. Commented Mar 2, 2015 at 16:26
0

To me, the best answer is to always force https. You can add a rewrite to your .htaccess that rewrites any link to your site to the https version of your site. Just place this at the top of your .htaccess rewrite rules:

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
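
A check that could run after the cron cache refresh to confirm a secure page does not reference the mobile logo (or anything else) over http. This is an added example, not part of the question or either answer; the shop.example host, the paths and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource.
FETCH_ATTRS = {"img": ("src", "srcset"), "source": ("src", "srcset"),
               "script": ("src",), "iframe": ("src",), "link": ("href",)}

# Constructed sample of a cached secure page whose mobile logo was rendered with http.
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="http://shop.example/checkout/">
<link rel="stylesheet" href="/skin/css/styles.css">
</head><body>
<img src="https://shop.example/skin/images/logo.png">
<img src="http://shop.example/skin/images/mobile-logo.png">
<script src="//shop.example/js/app.js"></script>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, resolved URL) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = set((attrs.get("rel") or "").lower().split())
        # <link rel="canonical"> is metadata; only stylesheet/icon links are fetched.
        if tag == "link" and not rel & {"stylesheet", "icon"}:
            return
        for name in FETCH_ATTRS.get(tag, ()):
            value = (attrs.get(name) or "").strip()
            # srcset is a comma-separated list of "url descriptor" entries.
            urls = [c.split()[0] for c in value.split(",") if c.strip()] if name == "srcset" else [value]
            for url in filter(None, urls):
                # Resolve relative and protocol-relative URLs against the page URL.
                resolved = urljoin(self.page_url, url)
                if urlsplit(resolved).scheme == "http":
                    self.insecure.append((tag, resolved))


def find_mixed_content(page_url, html):
    """Return (tag, url) pairs an https page would fetch over plain http."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only applies to a page served over https
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure

if __name__ == "__main__":
    print(find_mixed_content("https://shop.example/checkout/", SAMPLE_HTML))
```

Pointing it at the HTML of a secure page fetched right after the cache refresh gives an early signal that the cached block holds an http URL.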
