+ Start a Discussion

How To Change from HTTP to HTTPS After User Login On Site



I have a Force.Com Site in which we have created our own authentication process which logs a user in using an Account (not the user object).  The user therefore logs into their account....


On successfully logging in I wish to then change the site to use HTTPS.  To implement this changeover what is the best process for doing so (I was unsure how to implement the changeover)?


Thanks in advance for any advice.


Impossible if you ever want that to go to production.






I mean, impossible if you want to keep your custom domain name.


Hi ForceCoder,


Thanks for your help.  I think you may have misunderstood my requirements though.  I wish to keep the same Force.com Site address/domain.  I just need to be able to switch between http and https depending on where the user is on the site.  Does this make sense? Is it easy to implement?




Sorry.  I misunderstood your question. I haven't had to implement what your are describing.  


I don't think that you can use site redirects or the Site.UrlRewriter, because they only support relative paths.  There's always the fallback to some JavaScript you could put in the desired pages, along the lines of the following (not tested) if you can't find anything else.

 if (location.href.indexOf("https://yourcompany.secure.force.com") == -1) {
    location.href = location.href.replace("http://yourcompany.com", "https://yourcompany.secure.force.com");

Just make sure that whatever you implement in your sandbox will end up working once in production where the Secure Web Address can only be https://yourcompany.secure.force.com.


Alternatively, depending on your requirements, maybe you could use the apex:page's action attribute method to check for whatever condition and then return a PageReference redirect to https:// if necessary (e.g., action='{!checkSslRedirect}).


It seems like there should be something way simpler than what I've suggested.


Hi ForceCoder,


Thank you for your feedback.  Regarding the use of JavaScript.  Due to SEO requirements I wish to limit the use of JavaScript where possible.  Your other suggestion, I will look into this as it may be a good possibility (to use PageReference & redirect to HTTPS this way). I'm not 100% familiar straight off with how it can be implmented but in theory it does sound like a possible option.


I note on the following article there is a discussion on how to determine if a page is in http or https.  http://brianpeddle.com/2011/05/28/how-to-determine-http-or-https-in-salesforce-apex/   While this is not what I wish to do (to determine which protocol as opposed to using a specific protocol) there may be some alternative to function getCurrentRequestUrl for "set" which would be useful.  I'll look into this also.



Any further suggestions would be welcomed.   Thanks again!