R
Raven
Hi,
I have a problem with a server side redirect from a secure page to a
non-secure page (same domain name, same folder)
I have added some test code that can display the target URL and that
containt http:// and yet it redirects to https://
example:
I am on
https://www.example.com/test/files/login.asp?Cmd=logout
enter username+password into a form; page posts back to itself, then
calls my function for redirection to non secure pages:
redirectNoSSL("myaccount.asp")
this executes
Response.Redirect "http://www.example.com/test/files/myaccount.asp"
but the browser goes to
https://www.example.com/test/files/myaccount.asp
Any ideas why this happens?
I suspect this has to do with a cookie that persists user/pwd info,
could that force the client to go to the Secure page?
thanks in advance
Axel
See my relevant code below:
Function stripSSL(sTarget)
Dim host
Dim sUrl
Dim i
stripSSL=""
if sTarget="" Then Exit Function
sUrl=Request.ServerVariables("URL")
host=Request.ServerVariables("server_name") '
Request.ServerVariables("HTTP_HOST")
sTarget=" & sTarget
i=InStrRev(sUrl, "/")
stripSSL= "http://" & host & Left(sUrl,i) & sTarget
End Function
Function redirectNoSSL(sUrl)
Dim sNewURL
sNewURL = stripSSL(sUrl)
If False Then ' Print link instead of redirect
Response.Write "<BODY>TEST: Redirect to stripSSL (" & sUrl & ") =
<a href=" & sNewURL & ">" & sNewURL & "</a>"
Response.Write "<BR>ServerVariables(HTTPS)=" &
Request.ServerVariables("HTTPS") & "</BODY>"
Response.End
Else
Response.Redirect sNewURL
End If
End Function
I have a problem with a server side redirect from a secure page to a
non-secure page (same domain name, same folder)
I have added some test code that can display the target URL and that
containt http:// and yet it redirects to https://
example:
I am on
https://www.example.com/test/files/login.asp?Cmd=logout
enter username+password into a form; page posts back to itself, then
calls my function for redirection to non secure pages:
redirectNoSSL("myaccount.asp")
this executes
Response.Redirect "http://www.example.com/test/files/myaccount.asp"
but the browser goes to
https://www.example.com/test/files/myaccount.asp
Any ideas why this happens?
I suspect this has to do with a cookie that persists user/pwd info,
could that force the client to go to the Secure page?
thanks in advance
Axel
See my relevant code below:
Function stripSSL(sTarget)
Dim host
Dim sUrl
Dim i
stripSSL=""
if sTarget="" Then Exit Function
sUrl=Request.ServerVariables("URL")
host=Request.ServerVariables("server_name") '
Request.ServerVariables("HTTP_HOST")
sTarget=" & sTarget
i=InStrRev(sUrl, "/")
stripSSL= "http://" & host & Left(sUrl,i) & sTarget
End Function
Function redirectNoSSL(sUrl)
Dim sNewURL
sNewURL = stripSSL(sUrl)
If False Then ' Print link instead of redirect
Response.Write "<BODY>TEST: Redirect to stripSSL (" & sUrl & ") =
<a href=" & sNewURL & ">" & sNewURL & "</a>"
Response.Write "<BR>ServerVariables(HTTPS)=" &
Request.ServerVariables("HTTPS") & "</BODY>"
Response.End
Else
Response.Redirect sNewURL
End If
End Function