On 6/16/07 12:00 AM, "Allen Shaw" <[EMAIL PROTECTED]> wrote:
> Cliff Hirsch wrote: >> When redirecting from a secure login page to a non-secure page after logging >> in, Internet Explore pops up the following security alert: >> >> ³You are about to be redirected to a connection that is not secure" >> >> Doe anyone know how to prevent this? >> > Hi Cliff, > > I'm pretty sure this is a client/user preference issue. You can turn it > off in IE as a user, but from the server side, I think you're just stuck > with it. Best you can do is explain it to your users. > > - Allen But I just tried logging into Hotmail using IE and SSL. After login, it redirects to a non-secure page without the warning. So they figured out how to get around the bug, Could they be doing a double redirect? First redirect to a secure page, which does an immediate client-side redirect to a non-secure page? Poking around I've seen some proposed solutions the use the http header 400 response code and also a meta refresh tag. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
