Basics for implementing SSL on PHP Website

I am here as a developer of a website. My website has different modules, one of which processes credit cards. In order to process credit cards I need to implement an SSL layer and process the pages. For the rest of the modules, SSL is optional.

Now my points are:

1.) Is the location of the files for HTTP and HTTPS the same?

2.) Can the session of HTTP and HTTPS be shared? This is required as I need user login information and cart item information.


Preface: For most small-time Web site developers, you should not be writing modules to handle credit card data, unless you are prepared to spend a fortune (of both time and money) on implementing PCI standards, audits, regulatory compliance, etc. You've been warned!

Now on to your questions:

  1. Assuming you're using Apache, the HTTP and HTTPS versions of your site are declared in VirtualHost directives in your httpd.conf. (RHEL puts the SSL configuration in conf.d directory.) Now, each virtual host can have its DocumentRoot configured individually. So you can choose whether you want them to be the same or not.

  2. Sharing session data between HTTP and HTTPS requires careful attention. In particular, you can't use the same session ID on both HTTP and HTTPS versions of your site--because as soon as the session ID is transmitted over unencrypted HTTP, all session security is essentially lost.
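
One way to act on the second point, as an added example that is not part of the original answer: the ordinary session (login name, cart) is shared by both schemes, while payment pages also require a second secret sent only in a `Secure` cookie. It assumes PHP 7.3 or later; the cookie name, session key and function names are hypothetical.

```php
<?php
// Added example; all names below are hypothetical, not from the original answer.
const SECURE_COOKIE = 'checkout_token';

function is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Every request: the shared session. Its ID also travels over plain HTTP,
// so on its own it must never authorize anything sensitive.
function start_shared_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => false,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// After a successful login over HTTPS: issue a second secret that the
// browser will only ever send over TLS, and rotate the shared session ID.
function issue_secure_token(): void
{
    if (!is_https()) {
        throw new RuntimeException('secure token may only be issued over HTTPS');
    }
    session_regenerate_id(true);
    $token = bin2hex(random_bytes(32));
    // Store only a hash server-side; the raw value lives in the cookie.
    $_SESSION['checkout_token_hash'] = hash('sha256', $token);
    setcookie(SECURE_COOKIE, $token, [
        'expires' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Top of every payment page: a session ID captured from HTTP traffic
// fails here because the matching Secure cookie was never exposed.
function require_secure_session(): void
{
    $sent = $_COOKIE[SECURE_COOKIE] ?? '';
    $expected = $_SESSION['checkout_token_hash'] ?? '';
    if (!is_https() || $expected === '' || !is_string($sent)
        || !hash_equals($expected, hash('sha256', $sent))) {
        http_response_code(403);
        exit('HTTPS login required');
    }
}
```

Call `start_shared_session()` first on every page, `issue_secure_token()` once after the HTTPS login succeeds, and `require_secure_session()` before any card-handling code runs.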
