ASP + SSL -- Using http and https

[McKirahan]

I have an ASP site, an SSL certificate, and an {Order page}.

I want to use "https" for the {Order page} and "http" for all others.

Each page "includes" a common ".asp" file which detects the
current protocol and page via the Request.ServerVariables():
"SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively.

( If "SERVER_PORT_SECURE" = 1 Then "https" else http". )

If the {Order page} is requested then "https" is used
otherwise "http" is used. The pseudo-logic is:

If {Order page} Then
If Not {https} Then
Response.Redirect( {https} & {Order page} )
End If
Else
If {https} Then
Response.Redirect( {http} & {Other pages} )
End If
End If

Is this the best approach? Are there other ways to do it?

Thanks in advance.

 

[Jason Brown [MSFT]]

That's a pretty good, low-complexity approach, providing the include IS
always included where you need it. You are aware though that you'll lose
Session variables when moving from HTTP to HTTPS and vice-versa, right?

 

[McKirahan]

That's a pretty good, low-complexity approach, providing the include IS
always included where you need it. You are aware though that you'll lose
Session variables when moving from HTTP to HTTPS and vice-versa, right?

[snip]

Thanks for the feedback and the heads-up, Jason.

Luckily I only use one Session variable on the HTTPS page.