[thelist] shopping cart - secure or not
Lee kowalkowski
lee.kowalkowski at googlemail.com
Thu Oct 26 10:40:29 CDT 2006
On 25/10/06, Bob Meetin <ontheroad at frii.com> wrote:
Your error message is subtly different from the "warn if changing
between secure and not secure mode". Your error message is for
redirection, there are no options in IE to disable that, but there is
a registry setting: http://support.microsoft.com/kb/883740
The message can be avoided by not switching protocols in a redirect
(or avoiding the redirect in the first place, but redirects are
commonly used for interrupt/just-in-time authentication). Redirection
of POSTs
isn't neat, browsers typically obey, but the HTTP/1.1 specification
says they shouldn't without giving the user the opportunity to
confirm.
> It seems erroneous in that both
> the login page and the next page are both secure, https.
Those are the origin and the destination pages, but are there any
redirect responses in-between? It could be double-redirecting.
You'll have to use something like IEHTTPHeaders
(http://www.blunck.info/iehttpheaders.html) to make certain.
--
LK
More information about the thelist
mailing list