J
John Hamilton via .NET 247
Hello. Here's my problem. I have an e-commerce site with alogin & checkout pages needing to be secure. To enforce thesepages to be ssl I simply put in the page load:
If Not Request.IsSecureConnection Then
Response.Redirect(Request.URL.AbsoluteUri.Replace("http:","https:"))
End If
Now this works fine as long as cookieless is false. I'm finewith that. The only problem is IE gives a popup warning thatthe certificate name doesn't match the site. This is becausethe original page server_host is setup as www.abcdef.com, andthe common name on the ssl is only abcdef.com (no www).
Now if I change my redirect code to this:
If Not Request.IsSecureConnection Then
Response.Redirect(Request.URL.AbsoluteUri.Replace("http://" &Request.ServerVariables("HTTP_HOST"), "https://abcdef.com"))
End If
A new session is created because the server_host is different,and all information from the previous http session isunavailable in the new https session. I could force all pagesto use the common name as the host, but this is not ideal. Eventually I'd like to use a shared ssl server (on the samemachine). Is there any way around this without serializing allmy objects and storing them in cookies?
Thanks!
If Not Request.IsSecureConnection Then
Response.Redirect(Request.URL.AbsoluteUri.Replace("http:","https:"))
End If
Now this works fine as long as cookieless is false. I'm finewith that. The only problem is IE gives a popup warning thatthe certificate name doesn't match the site. This is becausethe original page server_host is setup as www.abcdef.com, andthe common name on the ssl is only abcdef.com (no www).
Now if I change my redirect code to this:
If Not Request.IsSecureConnection Then
Response.Redirect(Request.URL.AbsoluteUri.Replace("http://" &Request.ServerVariables("HTTP_HOST"), "https://abcdef.com"))
End If
A new session is created because the server_host is different,and all information from the previous http session isunavailable in the new https session. I could force all pagesto use the common name as the host, but this is not ideal. Eventually I'd like to use a shared ssl server (on the samemachine). Is there any way around this without serializing allmy objects and storing them in cookies?
Thanks!