form posted fields disappear when posting from secure to a non-secure page

[wolfing1]

Not sure if this question is related to HTML or if it's an ASP
thing, but when I post a form in a secure page to a nonsecure page, the
posted fields come in as blank (this doesn't happen from nonsecure to
secure). Is this something I can fix somehow? Or should it happen?
(I'm trying to use POST method for all my pages)

 

[Harlan Messinger]

Not sure if this question is related to HTML or if it's an ASP
thing, but when I post a form in a secure page to a nonsecure page, the
posted fields come in as blank (this doesn't happen from nonsecure to
secure). Is this something I can fix somehow? Or should it happen?
(I'm trying to use POST method for all my pages)

I don't know how you're doing this, but if you're relying on Session
variables to persist data from one page to the next, you can't.
http://www.example.com is a different website from
https://www.example.com, and none of the pages on either of them knows
about any data you've stored in Session on pages from the other.

 

[wolfing1]

I don't know how you're doing this, but if you're relying on Session
variables to persist data from one page to the next, you can't.
http://www.example.com is a different website from
https://www.example.com, and none of the pages on either of them knows
about any data you've stored in Session on pages from the other.

No, I mean form fields. Like
Page 1 (secure):
<form name="bleh" method="post" action="/pages/test.asp">
<input type="text" name="emailaddress">
<input type="submit" ...>
</form>

In test.asp the value of the field 'emailaddress' (as in
request.form("emailaddress")) is blank

 

[Adrienne Boswell]

Gazing into my crystal ball I observed (e-mail address removed) writing in

No, I mean form fields. Like
Page 1 (secure):
<form name="bleh" method="post" action="/pages/test.asp">
<input type="text" name="emailaddress">
<input type="submit" ...>
</form>

In test.asp the value of the field 'emailaddress' (as in
request.form("emailaddress")) is blank

What happens if you do this on the page that is losing the data?

<%
For ix = 1 to Request.Form.Count
field = Request.Form.Key(ix)
InputValue = Request.Form.Item(ix)
response.write field & " = " & InputValue & "<br />"
Next
%>

 

[wolfing1]

Gazing into my crystal ball I observed (e-mail address removed) writing in


What happens if you do this on the page that is losing the data?

<%
For ix = 1 to Request.Form.Count
field = Request.Form.Key(ix)
InputValue = Request.Form.Item(ix)
response.write field & " = " & InputValue & "<br />"
Next
%>

If I enter from a secure page, the field is blank. If I enter from a
nonsecure page, the field has the value entered.

 

[Adrienne Boswell]

Gazing into my crystal ball I observed (e-mail address removed) writing in

If I enter from a secure page, the field is blank. If I enter from a
nonsecure page, the field has the value entered.

What is the value of the action attribute of the form element? You need
to specify https there as well, eg:

<form method="post" action="https://www.example.com/form.asp">

 

[wolfing1]

Gazing into my crystal ball I observed (e-mail address removed) writing in


What is the value of the action attribute of the form element? You need
to specify https there as well, eg:

<form method="post" action="https://www.example.com/form.asp">

But the page I'm posting to is not secure.
Basically, the field and form are part of a page header which all my
pages share with a 'search' field. So, when someone enters a word here
and presses the 'go' button, the value is (or should be) posted to the
'search_results' page which does the searching and shows the results.
So, the callling page could be secure or not, and the action for the
form would be 'http:' since the "search results" page is not secure.
But what I found is that, when I do it from a non-secure page the field
goes fine, but when I do it from a secure page, the field goes blank.

 

[Adrienne Boswell]

Gazing into my crystal ball I observed (e-mail address removed) writing in

But the page I'm posting to is not secure.
Basically, the field and form are part of a page header which all my
pages share with a 'search' field. So, when someone enters a word here
and presses the 'go' button, the value is (or should be) posted to the
'search_results' page which does the searching and shows the results.
So, the callling page could be secure or not, and the action for the
form would be 'http:' since the "search results" page is not secure.
But what I found is that, when I do it from a non-secure page the field
goes fine, but when I do it from a secure page, the field goes blank.

Then you have to determine whether or not you are on a secure page.

<% if request.servervariables("HTTPS") = "off" then
serverswitch = "HTTPS"
else
serverswitch = "HTTP"
end if

formaction = serverswith & request.servervariables("script_name")
if request.servervariables("querystring") <> "" then
formaction = formaction & "?" & request.servervariables
("quertystring")
else
formaction = formaction
end if
%>

 

[Adrienne Boswell]

("quertystring")

querystring not queRtystring