Leaving the https:

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   My header.asp file has the paths like this 
../../index.html
../../contactus.html

Problem is when the user starts a secure session (https:) and then decides to click on a link  (away from asp) it keeps the secured session active (https:) not http:.  So the html page get the security warning because its https: not http:. 

Is this avoidable?

Thanks
SDI

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
SharpDataInc Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 10-August-2010 Location: Chicago Status: Offline Points: 0	Post Options Post Reply Quote SharpDataInc Report Post Thanks(0) Quote Reply Topic: Leaving the https: Posted: 11-May-2011 at 12:49am
	My header.asp file has the paths like this ../../index.html ../../contactus.html Problem is when the user starts a secure session (https:) and then decides to click on a link (away from asp) it keeps the secured session active (https:) not http:. So the html page get the security warning because its https: not http:. Is this avoidable? Thanks SDI
	Sharp Data Incorporated

Greg Dinger Members Profile Send Private Message Find Members Posts Add to Buddy List Certified ProductCart Developers Joined: 23-September-2006 Location: United States Status: Offline Points: 238	Post Options Post Reply Quote Greg Dinger Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 12:56am
	we make a point of hard-coding our stores, once they launch, so that all links point to fully-pathed HTTP or HTTPS URLs, dependant upon whis is appropriate. That is the way we avoid the conflict you describe.

SharpDataInc Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 10-August-2010 Location: Chicago Status: Offline Points: 0	Post Options Post Reply Quote SharpDataInc Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 7:23am
	How do you avoid the security warning in the checkout? At the time of checkout, if there is a hard coded path in the header.asp: href="http://www.website.com/html/myhtml" you will get the security warning message box.
	Sharp Data Incorporated

cognecy Members Profile Send Private Message Find Members Posts Add to Buddy List Certified ProductCart Developers Joined: 18-March-2006 Location: United States Status: Offline Points: 8	Post Options Post Reply Quote cognecy Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 8:06am
	Keep in mind that a hard-coded "Link" as you have written it below will NOT cause a security warning. These security warnings are caused by calling (or inserting into) the current page an object like an image, a .js file, an includes statement with a full path etc. The reason is that while your page is trying to switch to https you are trying to build the page with elements that are not secure. The way to avoid security warnings is to ensure that all objects are referenced using a relative path ... something like: src="/somedirectory/someimage.jpg"
	Mark Shipp Cognecy Solutions, LLC Hosting/Design/Customization/Database Migration www.cognecy.com www.cognecy.co.uk

SharpDataInc Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 10-August-2010 Location: Chicago Status: Offline Points: 0	Post Options Post Reply Quote SharpDataInc Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 8:20am
	Ah, yeah its actually the js call that is causing the issue. The html is not the problem. Thanks!
	Sharp Data Incorporated

SharpDataInc Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 10-August-2010 Location: Chicago Status: Offline Points: 0	Post Options Post Reply Quote SharpDataInc Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 9:00am
	What about using Google Translate? An even Authorize.net logo, you are governed by their code for the logo. Authorize.net <a href="http://www.authorize.net/"><img src="http://www.authorize.net/files/PreferredReseller.gif" width="140" height="50" border="0" alt="Authorize.Net Preferred Reseller" /> </a> Google Translate <script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&w=160&h=60&title=&border=&output=js"></script> I cant have these on the asp pages. I will check with them, I believe they need to support https:, I thought Google did... Thanks SDI
	Sharp Data Incorporated

Greg Dinger Members Profile Send Private Message Find Members Posts Add to Buddy List Certified ProductCart Developers Joined: 23-September-2006 Location: United States Status: Offline Points: 238	Post Options Post Reply Quote Greg Dinger Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 10:17am
	Each of those very likely have an SSL, and changing to HTTPS should be successful. Just experiment a bit. Keep in mind that once you overcome any objects that are causing the SSL warning, my original comments still apply. If someone has gone to the "my account" login, or to checkout, and then browses back to the store - you still want to force them back to HTTP.

cognecy Members Profile Send Private Message Find Members Posts Add to Buddy List Certified ProductCart Developers Joined: 18-March-2006 Location: United States Status: Offline Points: 8	Post Options Post Reply Quote cognecy Report Post Thanks(0) Quote Reply Posted: 11-May-2011 at 10:30am
	For the Authorize.net logo just change the link to use https all the time. I checked and this worked just fine. You can check suspicious elements/objects yourself by just plugging in the source link into your browser address bar with an https. So your trust seal code will now look like this: <a href="http://www.authorize.net/"><img src="*https://www.authorize.net/files/PreferredReseller.gif" width="140" height="50" border="0" alt="Authorize.Net Preferred Reseller" /> </a> NOTE the only part that I changed to https was for the "object" that is being added to your page from an external source. As a rule of thumb: You can build a non-secure page using secure objects ... you cannot* build a secure page using non-secure objects. I just checked the link for the google translate code and it does not appear the gmodules.com portion (the first URL) will allow you to use https. The second portion that uses "google.com" will allow https so you could try this in your code: <script src="http://www.gmodules.com/ig/ifr?url=*https*://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&w=160&h=60&title=&border=&output=js"></script> I have not ever used that code in a website but if it is giving you problems after using my modification, you may have to leave that out of your code where the store is concerned. Edited by cognecy - 11-May-2011 at 10:32am
	Mark Shipp Cognecy Solutions, LLC Hosting/Design/Customization/Database Migration www.cognecy.com www.cognecy.co.uk

SharpDataInc Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 10-August-2010 Location: Chicago Status: Offline Points: 0	Post Options Post Reply Quote SharpDataInc Report Post Thanks(0) Quote Reply Posted: 16-May-2011 at 8:39am
	Thanks, fellas, got some of this stuff cleared away. SDI
	Sharp Data Incorporated