[thelist] shopping cart - secure or not

Lee kowalkowski lee.kowalkowski at googlemail.com
Fri Oct 27 06:18:18 CDT 2006


On 26/10/06, Bob Meetin <ontheroad at frii.com> wrote:
> Lee - I think you got it!  I downloaded that program, tested.  -If- I am
> interpreting this correctly, then "Location:
> http://www.example.com/shop/cart.php" is the culprit.  Yes?.

Yes, that will cause the warning message in IE.

> This leaves me at "Is this a problem which is owned by the company that
> manufactures the product?"  There is no control panel configuration to
> change the behavior.

If the product you're using is hardwired to behave this way yes, but
it just looks like the login page is redirecting to its referrer and
instruction its referrer to redirect to its originally instended
destination, in effect, it's just re-issuing the request that it
trapped.

> Might another workaround be to set up redirection
> such that the cart et all are forced to go through https?

Yeah, try enforcing https on all pages than can be the referrer for
the login page.  I hope that doesn't mean all your pages!

-- 
LK



More information about the thelist mailing list