Switching Between HTTP and HTTPS

[Kenneth Keeley]

Hi
I wish to have a web site that has most of the pages as normal HTTP pages
but has some areas that use HTTPS. I want to have it that if a user selects
a link to a HTTPS page that they go there an there Session Information is
kept. I also wish to have the pages switch automatically to HTTPS if a
visitor types the URL without the HTTPS. So my questions are:
1) How to redirect to a Secure Page without losing Session Info?
2) How to test if page is accessed by HTTPS, and if not switch to HTTPS
quickly?

I think something like this code is what I want but how do I do it.

<%
if not "HTTPS" then
response.redirect([url]https://mysite.com/securepage.asp[/url])
end if
%>

Thanks for the help.
Kenneth Keeley

[Ray at]

"Kenneth Keeley" <kenkeeley@hotmail.com> wrote in message
news:e9bEtKgkDHA.2500@TK2MSFTNGP10.phx.gbl...

> So my questions are:
> 1) How to redirect to a Secure Page without losing Session Info?

This is not possible. Sessions cannot be maintained across different
protocols. You'll have to store the info server-side in a database, for
example.

> 2) How to test if page is accessed by HTTPS, and if not switch to

HTTPS

> quickly?

Here's an example:
[url]http://www.aspfaq.com/2321[/url]

You'd probably also want to grab the querystring, should it exist. Maybe do
it like this instead (illustrative example):

<%
Dim sRedirect, sDomain, sPath, sQString
If UCase(Request.ServerVariables("HTTPS") = "OFF" Then
sDomain = Request.ServerVariables("SERVER_NAME")
sPath = Request.ServerVariables("SCRIPT_NAME")
sQString = Request.Querystring
sRedirect = "https://" & sDomain & sPath
If Len(sQString) > 0 Then sRedirect = sRedirect & "?" & sQString
Response.Redirect sRedirect
End If
%>


Ray at home

[CS]

I have two forms,1 is http and another is https. Https is a pop up form and
http is its opener.
Now, I want to pass back some data from Https side to its opener page but it
prompts message" permission denied."
Is it possible that i can refresh or pass back some data to the http page
from the Https side?


here's the code
RegisterStartupScript("save", "<script>try{window.opener.creditCard('" &
MemberPaymentID & "')}catch(e){var
frm=window.opener.frmMain;frm.MemberPaymentID.valu e='" & MemberPaymentID &
"';frm.Process.value='Save';frm.submit();} window.close();</script>")

[Jason Brown [MSFT]]

I don't think it'll work using javascript - under the security model (IIRC),
an SSL site and it's non-SSL counterpart are effectively two different
domains.

http and https are cordoned off for a reason, though - have you fully
considered the implications of bouncing data in and out of the secure area?
isn't it better to keep it all cordoned off?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.

"CS" <CS@discussions.microsoft.com> wrote in message
news:4C28F77D-95CB-483A-96D3-746F4CCDE306@microsoft.com...

>I have two forms,1 is http and another is https. Https is a pop up form and
> http is its opener.
> Now, I want to pass back some data from Https side to its opener page but
> it
> prompts message" permission denied."
> Is it possible that i can refresh or pass back some data to the http page
> from the Https side?
>
>
> here's the code
> RegisterStartupScript("save", "<script>try{window.opener.creditCard('"
> &
> MemberPaymentID & "')}catch(e){var
> frm=window.opener.frmMain;frm.MemberPaymentID.valu e='" & MemberPaymentID &
> "';frm.Process.value='Save';frm.submit();} window.close();</script>")
>