Bug #16395

There is a error in detecting the ssl page

Added by Oliver Vogel over 12 years ago. Updated almost 12 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


if you set $TYPO3_CONF_VARS['BE']['lockSSL'] = '2'; at a server hostet by 1&1 or Schlund und Partner (the biggest provider in Germany) you run into the problem, that you can NEVER log in to the backend.

The problem is, that typo3 will not detect the ssl connection. so typo3 thinks, it is not in ssl-mode and so typo3 tries to redirect to the ssl mode. this goes endless. Means the page is reloaded, reloaded, reloaded and so on. The systems hangs in this endles loop.

This is, because the server from 1&1 and Schlund und Partner sets the variable
$_SERVER['HTTPS'] to "1" and NOT to "on" like the typo3 script expected.

So the solution for me is to change the line 3099 of t3lib_div.php from

$retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'],'on') ? TRUE : FALSE;


$retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'],'1') ? TRUE : FALSE;

this means, i have to change "on" to "1".

After this changing, the system works fine for 1&1 and for Schlund und Partner.
(issue imported from #M3909)

bug_3909.diff View (633 Bytes) Administrator Admin, 2006-08-23 14:40

Related issues

Related to TYPO3 Core - Bug #14210: SSL - SSL Lock HTTPS Proxy ... Closed 2004-06-17
Related to TYPO3 Core - Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL check Rejected 2011-09-12


#1 Updated by Benni Mack over 12 years ago

to keep it consistent with Typo3 (and so people can put it in CVS) the code should be:

$retVal = $_SERVER['SSL_SESSION_ID'] || !strcmp($_SERVER['HTTPS'],'1') || !strcmp($_SERVER['HTTPS'],'on') ? TRUE : FALSE;

devs - would be awesome if you could correct this.

#2 Updated by Michael Stucki over 12 years ago

Fixed in TYPO3 4.0.2 and later.

Also available in: Atom PDF