http to https redirect

Discussion in 'ASP .Net' started by Axel, Mar 28, 2009.

  1. Axel

    Axel Guest

    Hi

    This is a standard asp question, (old site done with standard asp and
    vb) I did not find an English speaking "plain asp" group;

    I am trying to redirect on some (login) pages from https to http by
    using Response.Redirect but it seems to always end up on https pages.
    The other way around (http to https) works fine. What could cause such a
    behavior? Maybe some global switch in global.asa? Or cookies set by the
    secure page? Its really weird.

    I am considering doing the redirect client side but I don't want the
    whole page to load and then to the redirect as its slooow. OTOH I am
    scared of cutting the page short server site in case the client redirect
    method fails (e.g. due to ignoring javascript or meta headers). Is there
    a sure fire way to redirect to non-secure after successful login?

    thanks in advance
    Axel
     
    Axel, Mar 28, 2009
    #1
    1. Advertising

  2. Axel

    Toni Guest

    "Axel" wrote...
    > Hi
    >
    > This is a standard asp question, (old site done with standard asp and vb) I did not
    > find an English speaking "plain asp" group;
    >
    > I am trying to redirect on some (login) pages from https to http by using
    > Response.Redirect but it seems to always end up on https pages. The other way around
    > (http to https) works fine. What could cause such a behavior? Maybe some global switch
    > in global.asa? Or cookies set by the secure page? Its really weird.
    >
    > I am considering doing the redirect client side but I don't want the whole page to
    > load and then to the redirect as its slooow. OTOH I am scared of cutting the page
    > short server site in case the client redirect method fails (e.g. due to ignoring
    > javascript or meta headers). Is there a sure fire way to redirect to non-secure after
    > successful login?
    >
    > thanks in advance
    > Axel


    Instead of response.redirect, use Response.AddHeader
    <%
    ' strURL = URL you want to redirect to
    strURL = http://www.UrlRedirect.com
    Response.AddHeader ("Location", strURL)
    Response.End
    ' rest of code goes here
    %>

    I've found that Response.AddHeader is much nicer and has a more predictable behavior
    than response.redirect.
    Although most would say it's not needed, I always place Response.End after any redirect
    in case the redirect fails for any reason whatsoever (I'm just paranoid that way).

    You might need the parenthesis around it if you are doing ASP.NET, they are not needed
    in Classical ASP.
     
    Toni, Mar 29, 2009
    #2
    1. Advertising

  3. Axel

    George Guest

    you code to set the return code to 302 or 301 for it to work
    Response.StatusCode = 302

    George.


    "Toni" <> wrote in message
    news:...
    > "Axel" wrote...
    >> Hi
    >>
    >> This is a standard asp question, (old site done with standard asp and vb)
    >> I did not find an English speaking "plain asp" group;
    >>
    >> I am trying to redirect on some (login) pages from https to http by using
    >> Response.Redirect but it seems to always end up on https pages. The other
    >> way around (http to https) works fine. What could cause such a behavior?
    >> Maybe some global switch in global.asa? Or cookies set by the secure
    >> page? Its really weird.
    >>
    >> I am considering doing the redirect client side but I don't want the
    >> whole page to load and then to the redirect as its slooow. OTOH I am
    >> scared of cutting the page short server site in case the client redirect
    >> method fails (e.g. due to ignoring javascript or meta headers). Is there
    >> a sure fire way to redirect to non-secure after successful login?
    >>
    >> thanks in advance
    >> Axel

    >
    > Instead of response.redirect, use Response.AddHeader
    > <%
    > ' strURL = URL you want to redirect to
    > strURL = http://www.UrlRedirect.com
    > Response.AddHeader ("Location", strURL)
    > Response.End
    > ' rest of code goes here
    > %>
    >
    > I've found that Response.AddHeader is much nicer and has a more
    > predictable behavior than response.redirect.
    > Although most would say it's not needed, I always place Response.End after
    > any redirect in case the redirect fails for any reason whatsoever (I'm
    > just paranoid that way).
    >
    > You might need the parenthesis around it if you are doing ASP.NET, they
    > are not needed in Classical ASP.
    >
    >
    >
    >
    >
    >
    >
     
    George, Mar 30, 2009
    #3
  4. Axel

    Axel Guest

    Re: http to https redirect - still not working

    Hi - I am still struggling can not make a server side redirect happen
    from https to http.

    I tried George's and also Toni's suggestion (see below). I always end up
    on a https page again. Could it be something that the ISP enforces? In
    the browser, I can follow links from https to http pages but the (server
    side) redirect from https to http after successful login just simply
    does not work for me - always stays in https!

    After reading
    http://www.4guysfromrolla.com/aspfaqs/ShowFAQ.asp?FAQID=72 (ADPFAQs.com)
    and
    http://www.somacon.com/p145.php (Permanent Redirect with HTTP 301)

    Here is my final code - I also made sure not have ANY output before I
    call the page. However some session variables are written (these are
    needed to identify the user once he is logged on)

    Function redirectNoSSL(sUrl)
    Dim sNewURL
    sNewURL = stripSSL(sUrl)
    If Response.Buffer=True then
    Response.Clear
    Response.Buffer=False
    End If

    'Call Response.Redirect(sNewURL)
    ' instead of redirect!

    Response.Status = "301 Moved Permanently"
    Call Response.AddHeader ("Location", sNewURL)
    End Function

    (stripSSL works fine it just rewrites the (complete) passedf URL with
    http: instead of https

    any other suggestions.


    George wrote:
    > you code to set the return code to 302 or 301 for it to work
    > Response.StatusCode = 302
    >
    > George.
    >
    >
    > "Toni" <> wrote in message
    > news:...
    >> "Axel" wrote...
    >>> Hi
    >>>
    >>> This is a standard asp question, (old site done with standard asp and
    >>> vb) I did not find an English speaking "plain asp" group;
    >>>
    >>> I am trying to redirect on some (login) pages from https to http by
    >>> using Response.Redirect but it seems to always end up on https pages.
    >>> The other way around (http to https) works fine. What could cause
    >>> such a behavior? Maybe some global switch in global.asa? Or cookies
    >>> set by the secure page? Its really weird.
    >>>
    >>> I am considering doing the redirect client side but I don't want the
    >>> whole page to load and then to the redirect as its slooow. OTOH I am
    >>> scared of cutting the page short server site in case the client
    >>> redirect method fails (e.g. due to ignoring javascript or meta
    >>> headers). Is there a sure fire way to redirect to non-secure after
    >>> successful login?
    >>>
    >>> thanks in advance
    >>> Axel

    >>
    >> Instead of response.redirect, use Response.AddHeader
    >> <%
    >> ' strURL = URL you want to redirect to
    >> strURL = http://www.UrlRedirect.com
    >> Response.AddHeader ("Location", strURL)
    >> Response.End
    >> ' rest of code goes here
    >> %>
    >>
    >> I've found that Response.AddHeader is much nicer and has a more
    >> predictable behavior than response.redirect.
    >> Although most would say it's not needed, I always place Response.End
    >> after any redirect in case the redirect fails for any reason
    >> whatsoever (I'm just paranoid that way).
    >>
    >> You might need the parenthesis around it if you are doing ASP.NET,
    >> they are not needed in Classical ASP.
    >>
    >>
    >>
    >>
    >>
    >>
    >>

    >
     
    Axel, Apr 18, 2009
    #4
  5. Axel

    Axel Guest

    Re: http to https redirect - still not working

    >> I am still struggling can not make a server side redirect happen from
    >> https to http.

    >
    > And you're still in the wrong newsgroup...
    >
    > please post ASP Classic questions to:
    > microsoft.public.inetserver.asp.general

    thanks Mark, I will take it there again (I was just encouraged by the
    answers on this group; there was lot less feedback on there, but I guess
    its a difficult enough question which might be environment dependant)
     
    Axel, Apr 21, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alfredo Barrientos
    Replies:
    0
    Views:
    548
    Alfredo Barrientos
    Aug 31, 2005
  2. Forrest Samuels

    Jetty and http to https redirect

    Forrest Samuels, Dec 4, 2004, in forum: Java
    Replies:
    1
    Views:
    4,132
    Steve Sobol
    Dec 5, 2004
  3. =?Utf-8?B?RGFiYmxlcg==?=

    redirect from https to http w/o security warning

    =?Utf-8?B?RGFiYmxlcg==?=, Apr 27, 2006, in forum: ASP .Net
    Replies:
    6
    Views:
    18,349
    april198474
    Sep 23, 2009
  4. Axel
    Replies:
    8
    Views:
    1,263
    Adrienne Boswell
    Apr 27, 2009
  5. jotto
    Replies:
    4
    Views:
    441
    jotto
    Oct 2, 2006
Loading...

Share This Page