ASP + SSL -- Using http and https

Discussion in 'ASP General' started by McKirahan, Apr 5, 2005.

  1. McKirahan

    McKirahan Guest

    I have an ASP site, an SSL certificate, and an {Order page}.

    I want to use "https" for the {Order page} and "http" for all others.

    Each page "includes" a common ".asp" file which detects the
    current protocol and page via the Request.ServerVariables():
    "SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively.

    ( If "SERVER_PORT_SECURE" = 1 Then "https" else http". )

    If the {Order page} is requested then "https" is used
    otherwise "http" is used. The pseudo-logic is:

    If {Order page} Then
    If Not {https} Then
    Response.Redirect( {https} & {Order page} )
    End If
    Else
    If {https} Then
    Response.Redirect( {http} & {Other pages} )
    End If
    End If

    Is this the best approach? Are there other ways to do it?

    Thanks in advance.
    McKirahan, Apr 5, 2005
    #1
    1. Advertising

  2. That's a pretty good, low-complexity approach, providing the include IS
    always included where you need it. You are aware though that you'll lose
    Session variables when moving from HTTP to HTTPS and vice-versa, right?



    --
    Jason Brown
    Microsoft GTSC, IIS

    This posting is provided "AS IS" with no warranties, and confers no rights.

    "McKirahan" <> wrote in message
    news:...
    >I have an ASP site, an SSL certificate, and an {Order page}.
    >
    > I want to use "https" for the {Order page} and "http" for all others.
    >
    > Each page "includes" a common ".asp" file which detects the
    > current protocol and page via the Request.ServerVariables():
    > "SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively.
    >
    > ( If "SERVER_PORT_SECURE" = 1 Then "https" else http". )
    >
    > If the {Order page} is requested then "https" is used
    > otherwise "http" is used. The pseudo-logic is:
    >
    > If {Order page} Then
    > If Not {https} Then
    > Response.Redirect( {https} & {Order page} )
    > End If
    > Else
    > If {https} Then
    > Response.Redirect( {http} & {Other pages} )
    > End If
    > End If
    >
    > Is this the best approach? Are there other ways to do it?
    >
    > Thanks in advance.
    >
    >
    Jason Brown [MSFT], Apr 7, 2005
    #2
    1. Advertising

  3. McKirahan

    McKirahan Guest

    "Jason Brown [MSFT]" <> wrote in message
    news:...
    > That's a pretty good, low-complexity approach, providing the include IS
    > always included where you need it. You are aware though that you'll lose
    > Session variables when moving from HTTP to HTTPS and vice-versa, right?
    >
    >
    >
    > --
    > Jason Brown
    > Microsoft GTSC, IIS


    [snip]

    Thanks for the feedback and the heads-up, Jason.

    Luckily I only use one Session variable on the HTTPS page.
    McKirahan, Apr 7, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    5
    Views:
    380
    Steve Holden
    Feb 23, 2009
  2. Rujuta Gandhi

    Sign in using https becomes anonymous for pages using http

    Rujuta Gandhi, Dec 11, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    102
    Rujuta Gandhi
    Dec 11, 2004
  3. John Xu

    ASP with HTTPS and SSL

    John Xu, Aug 25, 2003, in forum: ASP General
    Replies:
    5
    Views:
    139
  4. Brian Pitt
    Replies:
    0
    Views:
    751
    Brian Pitt
    Sep 18, 2008
  5. jotto
    Replies:
    4
    Views:
    387
    jotto
    Oct 2, 2006
Loading...

Share This Page