[ic] AlwaysSecure is not working
Kyle Cook
interchange-users@interchange.redhat.com
Mon Feb 25 18:17:00 2002
At 08:56 AM 2/25/02, you wrote:
>Hi List,
>
>since IC Version 4.6.5 and IC 4.8.3,
>
>3.4. AlwaysSecure
>-----------------
>
>Determines whether checkout page operations should always be secure.
>Set it to the pages that should always be secure, separated by spaces
>and/or tabs.
>
> AlwaysSecure ord/checkout
>
>is not working. Am I missing somethings?
>
>In normal case, if I call
>
>http://www.mydomain.com/cgi-bin/myshop/ord/checkout
>
>it should be secure by IC automatically. But why is that not working
>with IC? MV make this right!
>
>Any tips, hints and suggestions are very welcomes.
>
>Thanks!
>
>Joachim
Joachim,
If you use area and page tags and set AlwaysSecure then the url is built to
be secure.
To have IC "switch to secure" would require a redirect to the browser after the
browser requested an unsecure page.
Technically it would be possible to redirect GET, but not possible to
redirect POST.
But there still remains the problem that the first call to an unsecure page
passes
all information insecurely before any redirect could be done.
The best course is to use area and page tags!
Kyle Cook