At 0:29 +0100 4/12/03, Henrik Nordstrom wrote:
On Wed, 3 Dec 2003, Jesse Reynolds wrote:
I'm having a problem where the backend appserver sends a 302 (moved temporarily) which is an absolute URL, and begins with "http" rather than "https" because it can't see that it was an https URL that it is servicing.
This is one aspect of the general problem of the web server not knowing it's real URL.
If you can it is absolutely best to address this in the web server to make both the server and applications know the correct URL of the server, allowing them to generate correct URLs whenever a full URL needs to be in a reply of any form.
Right. So what is the best way of letting the web server know whether the client is using HTTP or HTTPS ? We are currently thinking of adding some lines to the redirector to add "&ssl=1" to the URLs if the user is coming in via HTTPS, so that the application can know to generate an https:// url rather than http:// - does this sound like the best solution?
The only other thing I can see in the headers that may help is the Referrer which will work for pages that haven't been bookmarked by the user only... so I don't think this is good enough, better to tack &ssl=1 on the end of the urls I think.
Cheers
Jesse
--
::: Jesse Reynolds +61 (0)414 669 790 ::: AIM - jessedreynolds ::: ::: Virtual Artists Pty Ltd, Adelaide ::: http://www.va.com.au :::
