Switching Between HTTP and HTTPS

[Kenneth Keeley]

Hi
I wish to have a web site that has most of the pages as normal HTTP pages
but has some areas that use HTTPS. I want to have it that if a user selects
a link to a HTTPS page that they go there an there Session Information is
kept. I also wish to have the pages switch automatically to HTTPS if a
visitor types the URL without the HTTPS. So my questions are:
1) How to redirect to a Secure Page without losing Session Info?
2) How to test if page is accessed by HTTPS, and if not switch to HTTPS
quickly?

I think something like this code is what I want but how do I do it.

<%
if not "HTTPS" then
response.redirect(https://mysite.com/securepage.asp)
end if
%>

Thanks for the help.
Kenneth Keeley

 

[Ray at]

So my questions are:
1) How to redirect to a Secure Page without losing Session Info?

This is not possible. Sessions cannot be maintained across different
protocols. You'll have to store the info server-side in a database, for
example.

2) How to test if page is accessed by HTTPS, and if not switch to HTTPS
quickly?

Here's an example:
http://www.aspfaq.com/2321

You'd probably also want to grab the querystring, should it exist. Maybe do
it like this instead (illustrative example):

<%
Dim sRedirect, sDomain, sPath, sQString
If UCase(Request.ServerVariables("HTTPS") = "OFF" Then
sDomain = Request.ServerVariables("SERVER_NAME")
sPath = Request.ServerVariables("SCRIPT_NAME")
sQString = Request.Querystring
sRedirect = "https://" & sDomain & sPath
If Len(sQString) > 0 Then sRedirect = sRedirect & "?" & sQString
Response.Redirect sRedirect
End If
%>


Ray at home