Wordpress 从 https 重定向到 http

Question

I am running a Wordpress SSL-Website which requires to have one tab to be non-SSL because it runs a non-secure websocket and it would be rejected due to mixed content otherwise.

In that regard I am doing a redirect in the .htaccess file:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(stage/)$
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*) http://%{HTTP_HOST}/$1 [R=301,L]

which indeed makes this specific tab unsecure, however, it also results to the following two issues:

1.) After the switch from https to http I am loosing any wordpress status information - it basically behaves as if the user is not logged in. Going back to the other secured tabs the information is back again.

2.) This specific tab includes three iFrames which I may only include via https and not via http. When including them via http I am on top of issue 1.) also loosing the wordpress data base access at all.

In fact the switch from https to http is only a workaround but currently a fine compromise for the meantime. It works without the issues mentioned in Joomla and now I would like to know if there is way to get rid of them in Wordpress as well.

Thanks in advance, best

Alex

Answer 1

WordPress' SECURE_AUTH_COOKIE is equal to 'wordpress_sec_'. md5(get_site_option('siteurl')) 'wordpress_sec_'. md5(get_site_option('siteurl')) . So as you change environments (secure to non-secure) that siteurl will change and your session cookie hash will be different. You'll need the user to login on BOTH secure AND non-secure before proceeding.

The code in question is located at wp-includes/default-constants.php . Since this runs before any plugins/theme code. You'd have to hack this at the wp-config.php level. Then check out it's use in the wp-includes/pluggable.php file to see future modifications are needed. The pluggable file runs after plugins init, so you can hook into filters there, if needed.