Post Reply 
half-ssl 302 redirect...
Nov. 24, 2010, 09:58 AM
Post: #1
half-ssl 302 redirect...
i've bumped into a half-ssl situation where the logout process lands on a 302 that redirects itself to a NON-half-ssl site...

here's the (modified) code for that landed-on 302...
Code:
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.insurance.com/WebMdLogOut/logout.html">here</a>.
</p>
</body></html>

in my half-ssl session, i click the site's (original) logout "button", the process lands on this 302, and it "jumps me out of" half-ssl (and the insuing nag screen when the browser hits an http s :// and thus the very reason i half-ssl to begin with, to avoid them [email protected]&n nags, lol)...

i've fixed "my" problem by writing a filter that replaces the "original" logout 'button' with a half-ssl link that points to where the 302 was non-halving to...


but the question herein is this, "should we rewrite the half-ssl filters so that they "catch" 302 redirects?" (or do they already and my above scenario is a "one-off" rarity?)
Add Thank You Quote this message in a reply
Nov. 24, 2010, 02:58 PM
Post: #2
RE: half-ssl 302 redirect...
(Nov. 24, 2010 09:58 AM)ProxRocks Wrote:  but the question herein is this, "should we rewrite the half-ssl filters so that they "catch" 302 redirects?" (or do they already and my above scenario is a "one-off" rarity?)

The filter is already there, see Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In).

I don't know why it doesn't work. It would help if you could post the http headers log.
Add Thank You Quote this message in a reply
Nov. 24, 2010, 03:22 PM
Post: #3
RE: half-ssl 302 redirect...
i'll keep my eye open if i see any more of these...
gonna write it off as a "one-off" unless i can find more...


the header logs look like they are "supposed to", but yet i'm getting a browser "ssl nag screen", so who knows...
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: