Page not allowing SSL and non-ssl

This is an open forum for any mojoPortal topics that don't fall into the other categories.

This thread is closed to new posts. You must sign in to post in the forums.
10/19/2011 2:25:52 PM
Mark Horan
Gravatar
Total Posts 15
View Posts

Page not allowing SSL and non-ssl

I'm having an issue where I need to be able to hit some pages in my site either using SSL or not and to let that be controlled by how the user accesses the page in the URL.  Right now SSL is enabled and works well on the login page etc but the pages I'm trying to allow to use both always redirect to the non-SSL version even when explicitly specified with https in the url.  I have played with the AllowForcingPreferredHostName setting as both true and false and it doesn't affect the behavior.

For example if you click the following two links they both end up on the non-ssl version of the page and I can't figure out why.

http://www.churchteams.com/ct/services

https://www.churchteams.com/ct/services

Any help would be appreciated.

Thanks, Mark

 

10/19/2011 2:43:36 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Page not allowing SSL and non-ssl

Hi Mark,

I need to be able to hit some pages in my site either using SSL or not and to let that be controlled by how the user accesses the page in the URL

Why?

If the page has no sensitive content why do you care about it redirecting out of SSL?

It does that by design because if a page is not designed to use SSL then users may get browser warnings if the page has some unsecure content, ie an image or javascript with src="http://... will cause a browser warning if the conatasining page url is https://.... So if SSL is available and the page is not marked to use SSL in page settings we redirect out of SSL to avoid the possible browser warning. We use relative urls in the menu so if a user is on a secure page and they clicked a menu link it would result in https on every page they go to by relative links, and again it can lead to unintended browser warnings. Things like the Facebook like button don't work on SSL pages and we can't assume that you have nothing in your content that would cause a browser warning if the page is using SSL.

It is also more work for the server to encrypt pages that don't need it.

Hope that helps,

Joe

10/19/2011 2:57:05 PM
Mark Horan
Gravatar
Total Posts 15
View Posts

Re: Page not allowing SSL and non-ssl

That's a good question and I understand all the caveats you mentioned and see why it generally makes sense.  The reason I'm wanting it is that we have a couple pages in mojo where we host some of our documentation for a portion of our application which is in classic ASP.  The classic ASP session isn't shared across SSL and non-SSL links so if users are logged in via SSL in classic asp and they get redirected to the non-SSL side their session isn't valid for the links in the documentation page in mojo.  Eventually forcing SSL on the mojo page will work but for now I would need it to work with SSL and non-SSL based on the URL.  If it's not an option then I'll work around it either by moving those pages out of mojo but it would be great to be able to handle it.

Thanks, Mark

You must sign in to post in the forums. This thread is closed to new posts.