HTTP to HTTPS to HTTP (SSL) 1

[SH4F33]

Helli everybody. Im trying to implement a secure registration for customers using SSL. Im doing my tests using a 14-days trial SSL certificate. The registration page is register.asp, and when submitting the form, the user information goes to registerme.asp which will add the record to the database, gives the user a message and the username and the password, and after 5 seconds, the page will be redirected to login.asp.

I want only the register.asp page to be secured. Ive used the below code (from microsoft) to force the page to https.

<%
   If Request.ServerVariables("SERVER_PORT")=80 Then
      Dim strSecureURL
      strSecureURL = "[URL unfurl="true"]https://"[/URL]
      strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
      strSecureURL = strSecureURL & Request.ServerVariables("URL")
      Response.Redirect strSecureURL
   End If
%>

The main page (index.htm) is accessed normally (via http), and when clicking on the "register" link, the registration page will shift to https automatically because of the above code. But the problem here is that when sending the information to registerme.asp, it is still HTTPS and when redirecting the user to the login page, it is still in https mode. Any help for shifting back to http on registerme.asp?

Many thanks in advance.

 

[damber]

I want only the register.asp page to be secured.

Then what is the point of having any security on your site ? As soon as you post to the non-secured registerme.asp page, all the data will become visible to anyone wanting to sniff it.

when you post to a page you can specify the full url, including the protocol:

http://www.example.com/dir/page.asp

But WHY ? the request of register.asp only gets the pages HTML .. (which you've secured) .. then you are posting to an unsecured page - which is where the data the user enters (the private stuff you're trying to secure) is being passed (but without any security/encryption)

So, really, you DO want to secure registerme.asp.



A smile is worth a thousand kind words. So smile, it's easy!

 

[SH4F33]

Thanks for the comments.
Ok then, these 2 pages should be secured. Then how can I redirect the user back to a normal page? Lets say from register.asp to registergme.asp, its done via https. I dont want the user to browse the entire site using HTTPS. So after registering the user, theres no need for any SSL, I need to redirect the user back to the index or login page in normal mode.

Thanks for any reply.

 

[damber]

response.redirect("

http://www.examples.com/dir/page.asp")

or you can use the same script but in reverse (i.e. check for https and change to http)

btw you should also secure the login page and the page that posts to aswell...



A smile is worth a thousand kind words. So smile, it's easy!

 

[SH4F33]

Im very sorry for not seeing this. I just had to replace https to http in the script. Thanks for ur reply.

 

[damber]

no problem, glad to help.

(but make sure you secure the login page aswell, otherwise your users security will suffer)

best of luck

A smile is worth a thousand kind words. So smile, it's easy!