SSL security issue

[Indunil]

Hi guys,

I have an application implemented in which some pages are SSL(HTTPS)
secure and some are not.
ISSUE
user clicks on a button which goes to SSL secure page. But if the
session has been expired it must go to an session error page.
the issue is when the page goes to the session error page it shows the
secure popup(which is shown by the browser) saying that "this page
contains both secure and nonsecure items...."

How can i prevent this.

I'm using Spring and Struts.

 

[Timo Stamm]

Hi guys,

I have an application implemented in which some pages are SSL(HTTPS)
secure and some are not.
ISSUE
user clicks on a button which goes to SSL secure page. But if the
session has been expired it must go to an session error page.
the issue is when the page goes to the session error page it shows the
secure popup(which is shown by the browser) saying that "this page
contains both secure and nonsecure items...."

How can i prevent this.

Remove all absolute links. If IE finds an URL to a non-SSL resource (for
an image, style sheet, script, link, etc.) on a SSL page, it complains.
Check that your session error page works flawlessly on SSL and non-SSL
pages.

You may want to ask in a newsgroup about browsers if you have further
questions, because this issue has nothing to do with Java.


Timo