ASP + SSL -- Using http and https

TheMSsForum.com: The Microsoft Software Forum

I have an ASP site, an SSL certificate, and an {Order page}.

I want to use "https" for the {Order page} and "http" for all others.

Each page "includes" a common ".asp" file which detects the
current protocol and page via the Request.ServerVariables():
"SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively.

( If "SERVER_PORT_SECURE" = 1 Then "https" else http". )

If the {Order page} is requested then "https" is used
otherwise "http" is used. The pseudo-logic is:

If {Order page} Then
If Not {https} Then
Response.Redirect( {https} & {Order page} )
End If
Else
If {https} Then
Response.Redirect( {http} & {Other pages} )
End If
End If

Is this the best approach? Are there other ways to do it?

Thanks in advance.
Top

Re: ASP + SSL -- Using http and https by Jason

Jason
Wed Apr 06 21:03:57 CDT 2005

That's a pretty good, low-complexity approach, providing the include IS
always included where you need it. You are aware though that you'll lose
Session variables when moving from HTTP to HTTPS and vice-versa, right?



--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.

"McKirahan" <News@McKirahan.com> wrote in message
news:Gc2dnUvrkf3tFs_fRVn-gQ@comcast.com...
>I have an ASP site, an SSL certificate, and an {Order page}.
>
> I want to use "https" for the {Order page} and "http" for all others.
>
> Each page "includes" a common ".asp" file which detects the
> current protocol and page via the Request.ServerVariables():
> "SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively.
>
> ( If "SERVER_PORT_SECURE" = 1 Then "https" else http". )
>
> If the {Order page} is requested then "https" is used
> otherwise "http" is used. The pseudo-logic is:
>
> If {Order page} Then
> If Not {https} Then
> Response.Redirect( {https} & {Order page} )
> End If
> Else
> If {https} Then
> Response.Redirect( {http} & {Other pages} )
> End If
> End If
>
> Is this the best approach? Are there other ways to do it?
>
> Thanks in advance.
>
>


Top

Re: ASP + SSL -- Using http and https by McKirahan

McKirahan
Thu Apr 07 04:31:51 CDT 2005

"Jason Brown [MSFT]" <i-brjaso@online.microsoft.com> wrote in message
news:ujDFQYxOFHA.2788@TK2MSFTNGP09.phx.gbl...
> That's a pretty good, low-complexity approach, providing the include IS
> always included where you need it. You are aware though that you'll lose
> Session variables when moving from HTTP to HTTPS and vice-versa, right?
>
>
>
> --
> Jason Brown
> Microsoft GTSC, IIS

[snip]

Thanks for the feedback and the heads-up, Jason.

Luckily I only use one Session variable on the HTTPS page.


Top