[thelist] session and/or cookie persistence across an ssl and non-ssl connection

Anthony Baratta Anthony at Baratta.com
Thu Jan 17 17:33:54 CST 2002


Don't forget that each SSL connection uses up a "user" slot on the server. 
Depending upon the OS NT or Win2K your licensing server will begin to 
disallow SSL connections once your slots are used up.

Therefore you only want SSL when you "need" SSL. What I do is have a small 
function check for SSL on via the ServerVariables Collection. If it's on 
and it should be off, the user is redirected to the non-SSL path. And if it 
should be on and its off, then the user is re-directed to the SSL path.

e.g. (Watch for line wrap)

''''''''''''''''''''''''''''''''''''''''''''''''''
'' CheckforHTTPS Function
'' Required Info Passed to Function:
''      None
''''''''''''''''''''''''''''''''''''''''''''''''''
sub CheckforHTTPS()
        if not (Request.ServerVariables("HTTPS") = "on") then
             Response.Redirect("https://" & varWebServerURL & 
Request.ServerVariables("PATH_INFO") & "")
             Response.End
        end if
end sub

''''''''''''''''''''''''''''''''''''''''''''''''''
'' CheckforHTTP Function
'' Required Info Passed to Function:
''      None
''''''''''''''''''''''''''''''''''''''''''''''''''
sub CheckforHTTP()
        if (Request.ServerVariables("HTTPS") = "on") then
             Response.Redirect("http://" & varWebServerURL & 
Request.ServerVariables("PATH_INFO") & "")
             Response.End
        end if
end sub
----
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."





More information about the thelist mailing list