[ic] AlwaysSecure is not working

[Joachim Leidinger]

Kyle Cook wrote:
> Joachim,
> 
> If you use area and page tags and set AlwaysSecure then the url is built to
> be secure.

Yes! Right!
 
> To have IC "switch to secure" would require a redirect to the browser after the
> browser requested an unsecure page.
> 
> Technically it would be possible to redirect GET, but not possible to
> redirect POST.

It is the get methode! I simple type the url to the checkout page in to
the url bar of my browser.
 
> But there still remains the problem that the first call to an unsecure page
> passes
> all information insecurely before any redirect could be done.

Why is IC checking the url, page and name for secure by AlwaysSecure in
that page and not recognizing that the calling page itself is to be
secure? What I mean is,

AlwaysSecure  a b c

Page A has a link/url to b and c:

Manual calling the page a in my browser is showing the page a *insecure*
and the link/url in that page to the page b and c *is* secure.

I'm wondering! IC is knowing, which page is calling and parse that page
to check whether the another calling pages is set to be secure or not
and is not able to recognize the calling page itselft is to be secure?
 
> The best course is to use area and page tags!

Yes! Right! That I'm using and writting always! But a "smart" user
(maybe a redneck can see it too?) can see the url and call the secure
page manual and directly with http instead of https.

I know, if the user itselft call a page insecure, it is his own risk to
do that.
But there is a lot of enough newbie of WWW, who type a url with http
instead of https or he has a bookmark of a secure IC page and believe, a
https is wrong and change the bookmark to http.

Any comments?

Thanks!

Joachim

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[leidinger@bpanet.de] 
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de