We have a dynamic website using the Jetty JSP engine and JBoss app server. Users log into the site via a secure page (https://foo.com[:https-port]/login.jsp) and end up on the home page, still in https (https://foo.com[:https-port]/home.jsp). Most pages within the site don't require SSL, so for the links on the home page, we expand all of them to be absolute non-secure URLs (e.g., http://foo.com[:http-port]/about.jsp). Even though these are absolute URLs, when you click on them (I've seen this in both NS 4.72 and 6.1), the browser goes to HTTPS instead. In fact, if the site is running on non-standard ports, it even goes to the right HTTPS port. In other words, you click on the absolute URL http://foo.com:8080/about.jsp and end up at https://foo.com:8443/about.jsp. Internet Explorer does not do this, only Netscape. Does anyone have any idea WHY Netscape does this, and more importantly, is there a way to STOP it from happening?
