[nycphp-talk] Fix for IE Security Alert " You are about to be redirected to a connection that is not secure"
Cliff Hirsch
cliff at pinestream.com
Sat Jun 16 08:24:01 EDT 2007
On 6/16/07 12:00 AM, "Allen Shaw" <ashaw at polymerdb.org> wrote:
> Cliff Hirsch wrote:
>> When redirecting from a secure login page to a non-secure page after logging
>> in, Internet Explore pops up the following security alert:
>>
>> ³You are about to be redirected to a connection that is not secure"
>>
>> Doe anyone know how to prevent this?
>>
> Hi Cliff,
>
> I'm pretty sure this is a client/user preference issue. You can turn it
> off in IE as a user, but from the server side, I think you're just stuck
> with it. Best you can do is explain it to your users.
>
> - Allen
But I just tried logging into Hotmail using IE and SSL. After login, it
redirects to a non-secure page without the warning. So they figured out how
to get around the bug,
Could they be doing a double redirect? First redirect to a secure page,
which does an immediate client-side redirect to a non-secure page? Poking
around I've seen some proposed solutions the use the http header 400
response code and also a meta refresh tag.
More information about the talk
mailing list