I have a client who has a lot of web site users using Internet
Explorer 6 on Windows. At the moment, the login form submits via
https, and then the user is redirected to a regular http page
afterward. In IE, we get this:
“You are about to be redirected to a connection that is not secure.
The information you are transmitting to the site may be retransmitted
to a nonsecure site…”
It happens whether the login form is http or https. The suggestion
in some forums is to do this:
Instead of the 302 redirect, give a 400 responce, and a meta-refresh
tag. <meta http-equiv="refresh" content="0;url=http://zzz.com/">
I'll need to modify a local copy of Apache2::AuthCookie to do this,
but I wondered if there are other solutions out there for this problem.
--
Barry Hoggard
Tristan Media LLC
w: www.tristanmedia.com
yahoo/aim: hoggardb