ASP: Secure Login & Redirection
lee.fei...@transamerica.com
In the current application I am developing, I have the following setup:
index.asp: User enters username and password login.asp: Receives POSTed data
from index.asp, validates information, "logs in" the user - if successful,
redirects the user to home.asp home.asp: home page of the app once logged in
Now, I would like to make the login process secure (for the sake of
passwords) - So, I have required SSL on index.asp and login.asp, which I
figured should do the trick.
However, whenever someone logs in successfully, they get the following
message (Netscape 4.05) "Warning! You have requested an insecure document
that was originally designated a secure document (the location has been
redirected from a secure to insecure document). The document and any
information you send back could be observed by a third party while in
transit."
Now, from my end, this is fine, I know what happened:
index.asp sent the encrypted data ot login.asp which took care of it and
redirected to the insecure home.asp (sending no data, no nothing is
compromised). However, I *can't* let my users see that error message: they'll
freak and never use the system.
I also don't want to make home.asp secure, as it is the "cornerstone" of most
of the site, and will be ccessed many times and has no real reason to be
secure.
Is there any solution to this scenario that avoids the warning netscape gives?
(IE 4 gives a similar, equally "scary" message)
Thanks for any help,
Lee
PS - a CC to lee.fei...@transamerica.com is much appreciated
-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum