Solved

Response.redirect from https to http without getting a you are about to leave a secure site message

Posted on 2006-11-23
16
237 Views
Last Modified: 2008-02-01
Hi

Im currently developing 2 pages on a secure https site. When these pages finish processing I need to redirect to a non secure http page.
The problem is page1 calls page 2 (both https pages), page 2 does some processing then redirects to page 3 ( a http) page.
When the form on page 1 is submitting because its being redirected to page 3 a http page, Im getting the error- you are about to be directed to a non secure site do you want to continue.

Any ideas to get around this?

Cheers

Louise
0
Comment
Question by:louise_8
  • 7
  • 4
  • 3
16 Comments
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18005211
Can you modify the process slightly?
I'd suggest that if page3 could remain https, then the user ends up on a secure site - so when they move on from that page they can see what's happening.

A typical use might be sales site - the thank you & receipt page should remain https, so they don't get that warning message while the sale is ongoing, only after it's obviously completed.

Does that help in your case?
0
 

Author Comment

by:louise_8
ID: 18005224
Thanks for your suggestion.
Unfortunately Im working on behalf of a client who posts us data from their http site, we process via https and they need the info to go back to their http site :(
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18005243
It just occurred to me - I have a page that does just what you're saying.
A client with no scripting or db support, so a form on their site submits to secure script on my site, processes the form, logs the action, and redirects to various pages back at the client site. http to https to http, and I've never had a message about leaving the secure site.
I'll test this and get back to you.
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18005274
Okay, I don't think you can do this.

IF a user does not tick the checkbox that says "In the future do not show this warning" then they WILL get an alert warning message every time they enter or leave a secure site. There's no way around that that I know of.
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18005280
Is using an xml post an option?
I'm not an expert on that, but it might be worth googling, or asking a question in the xmlsection, as to whether your process could be done using xml and if so can it be transparent to the user
0
 
LVL 58

Accepted Solution

by:
amit_g earned 125 total points
ID: 18005417
This is browser setting and can't be overridden from any server side script or trick. There is no way around this so the only solution is to host the last page also in https or let the user click that button. BTW, this is not an error but an informative message for the user given by the browser whenever a sites redirects from https to http.
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18005427
thanks Amit.
so an XML post is no different in this respect to an html post?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 58

Expert Comment

by:amit_g
ID: 18005439
XMP post might only help if the third page is not to be shown to the user. Even in that case we might see the warning as again for anything unsecure within the secured page, the browser is supposed to show that warning if the user hasn't instructed it to not show that warning.
0
 

Author Comment

by:louise_8
ID: 18005709
Thanks, Ill look up XMP and see if that helps

appreciate your comments guys
0
 

Author Comment

by:louise_8
ID: 18050128
XMP doesnt help me :(

Thanks again for your comments
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18050147
sorry I couldn't help ...
0
 
LVL 58

Expert Comment

by:amit_g
ID: 18050320
As I said earlier, this is client browser setting and it can't be controlled from server using any language.
0
 
LVL 6

Expert Comment

by:hc0904pcd
ID: 18143461
my 2 cents worth, either refund points or give them to Amitg. He didn't give you the answer you were looking for, but he was right when he said it couldn't be done, and said why.
0
 
LVL 58

Expert Comment

by:amit_g
ID: 18143481
I agree. The answer to this question is that it can't be done and that should be selected as an Accepted answer here. This is also a valid PAQable question as per http:help.jsp#hi54 and http:help.jsp#hi89 . If the questioner has problem with awarding points, I am ok with PAQ/Refund.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Classic ASP error- Object required: 'objFolder' 6 36
ASP Classic - Load test 2 45
Adding Datediff to staistics page 2 49
If-Then-Else ASP problem 6 49
I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now