Force tracking script to use HTTPS?


#1

Hi,

I’ve set up Piwik with it’s own domain plus an SSL certificate to keep it more secure. I changed config.ini.php to include the force_ssl option. So far so good.

However when checking server logs etc I noticed that tracking requests from my website to Piwik, which will be 99.9% from non-secure pages, are generating two entries. The first of these is a 301, converting the original http request to an identical https one, which is the second entry. This obviously has a small performance issue, especially when I’m using shared hosting and the calling site is on the same server.

I then changed the tracking script in my web pages - done via an include so it’s a single change - to remove the option to use the http call. I know I’ve done it the lazy way at the moment, and will fix this later unless it’s reversed out.


var u=(("https:" == document.location.protocol) ? "https" : "[i]https[/i]") + "://mywebsite.com/piwik/";

Now I’m still on the learning curve of web development, so don’t know if there are any implications for this change. I know it works, as the log files now have a single entry per tracking request. Can anyone see any problems with this approach?

Regards,

Ian


(Matthieu Aubry) #2

Probably the initial problem is that your server did a redirect from HTTP -> HTTPS

For your piwik server this redirect should be disabled as it can and will cause problems.

Otherwise it’s fine if you also force all your visits to be tracked on the HTTPS in your piwik.