[thelist] SSL Site redirection message

Roger Ly evolt at matchpenalty.com
Fri Oct 31 11:40:16 CST 2003

>Yes. Most sites that I've seen use javascript:

>You can verify this yourself by going to anyone of the sites out there
>Hotmail, Yahoo etc) where you use SSL to signin, then get redirected
>to the non-SSL content. Disable all scripting in your browser and have
>look at the source of what get's sent to you.

One caveat as Bob mentioned in an earlier post is that you will get a
dialog if you have set your IE settings to "Warn if changing between
secure and not secure mode".  If that option is set, not matter what you
do, if the user goes from an https url to an http one (or vice versa),
the user will get a dialog telling them so (that means if a user clicks
on a link going from http to https, they'll get a warning, and if a user
is redirected from one to another, they will get a warning).

In the different methods I have tried:  Javascript, 302, Meta redirect,
no matter what you do, the user is prompted that they will be moving
from secure to non-secure.

One thing I have noticed is that if you have the above option checked,
you get a dialog with the "don't show me again" option available.  I'm
pretty sure I've seen a similar dialog without that option available,
but I'm not entirely sure what brings that about.  



More information about the thelist mailing list