I'm working on an e-commerce site and we've just purchased a secure certificate to transmit a shopping cart to the payment gateway without fear of tampering.
Question is, should the whole site be built on https:// or should only the form which posts to the payment gateway be secure?
I find that all the values of the session variables i have created is empty when i use https. I am sucessfully able to use these session variables in the other pages that does not use https. While making a shopping cart and using https for checkout process. What is the best method to retrieve cart values like item, total etc. Currently i'm using session to access these values in different pages during checkout but the problem is what i have mentioned above when i use https. What method do u prefer and how does it work?.
I have a question regarding https and SSL between two web sites. I am not quit understand how asp application can handle https, encryption and SSL. Here is scenario: An asp application on my web site requires to get form data from web client and to convert the data with XML format and send the data to another web site which only accepts https protocol. If my site needs to receive information from the remote web site, then I know a digital certificate needs to be installed on my side. and https configuration needs to be implemented on local web server. However, if all of local side need to do is to send data to remote web server with data encrypted, do I still need to install digital certificate and enable https on local web server? If not, how can I encrypt data with the the certificate so it can be accepted by remote server and be decoded by remote server side?
I'm in a non-secure page (http). When I click on a submit button, I'm about to enter the secure page (https). But I got the popup saying that I'm about to enter a non-sercure page, wanna continue(yes,no).
If I click YES, it take me to "https" page. This doesn't make any sense at all.
I'm trying to detect if the user is utilizing HTTP or HTTPS in the address bar. The following code responds true regardless of whether I use HTTP or HTTPS. What should I be using? In the end, if the user types in HTTP, I will redirect them to HTTPS.
<% If Request.Servervariables("https") <> "" Then Response.Write "this is https...OK!!!" End If %>
I have enforced SSL connections on my website to make it secure. My problem is if the users go to http://wesite-url they get an error message saying:The page must be viewed over a secure channel
The page you are trying to view requires the use of "https" in the address.
Instead of showing this error page, I want to automatically redirect them to https://website-url. Is it possible?? Do I need to to program this in gloabal.asa?
I have a site that requires a checkout process. THe checkout process occurs in the secure server. I need to pass session variables from one server to the next.
I've integrated a secure certificate into my e-commerce site. However, when I forward people to the account log-in area (https) all of the relative links on the page obviously then point to http://www.mydomain/homepage for example.
How do I do what Dabs do, and redirect these links back to non-secure pages, without hard-coding all links as full URLs?
I am developing an application over the web(intranet app). Now my problem has to do with secure communication between browser and webserver. I want to enable secure communication using https. Are there any alternatives other than buying certificate for virtual directory ?
I am trying to write a routine that allows users to download files from our secure site, with the code below the file will download and when you click save i get an IE error. However when the page is not https the routine runs just fine. Any Ideas?
I wish to have a web site that has most of the pages as normal HTTP pages but has some areas that use HTTPS. I want to have it that if a user selects a link to a HTTPS page that they go there an there Session Information is kept. I also wish to have the pages switch automatically to HTTPS if a visitor types the URL without the HTTPS. So my questions are: 1) How to redirect to a Secure Page without losing Session Info? 2) How to test if page is accessed by HTTPS, and if not switch to HTTPS quickly?
I think something like this code is what I want but how do I do it.
<% if not "HTTPS" then response.redirect(https://mysite.com/securepage.asp) end if %>
I got the code off of a website and found that many web sites had similar code for doing the same thing. The problem I am having is that the code will not redirect to the HTTPS and will keep reloading the page. Is there a setup issue with IIS that I might be missing?
I am trying to access a .NET web service over https:// using Microsoft.XMLHTTP but I am receiving "A security problem occurred. , Number=>-2146697202" error. I guess it is bacause of https certificate challenge. Is there a way to accept the certificate in ASP.
Just to explain what's going on briefly... I've added an include to the top of all files on our site (this code is pasted below) to check IP address, and then some pages will display slightly different content for our Canadian or US customers.
This works fine in Firefox. However, in IE, when a Canadian visitor comes it doesn't display canadian content on the http version of any page. Once they go to a https page, it works just fine. After that, if they go back to an http page it still displays properly. Code:
clients are redirected to http://www.mysite.com/mypage.asp
This works fine for all but 1 client. He looses a session during the redirect. Apparently his browser interprets https:// and http:// as different domains.
I need some help/pointers here. I maintain an ASP/MSSQL e-commerce site.
I need to force the use of HTTPS for private/payment data and force back HTTP on other pages. Some googling taught me the use of checking Request.ServerVariables("HTTPS"). Though GET data/QueryStrings are passed all my POST data is lost because of the REdirect. Code: