http to https redirect

[Axel]

Hi

This is a standard asp question, (old site done with standard asp and
vb) I did not find an English speaking "plain asp" group;

I am trying to redirect on some (login) pages from https to http by
using Response.Redirect but it seems to always end up on https pages.
The other way around (http to https) works fine. What could cause such a
behavior? Maybe some global switch in global.asa? Or cookies set by the
secure page? Its really weird.

I am considering doing the redirect client side but I don't want the
whole page to load and then to the redirect as its slooow. OTOH I am
scared of cutting the page short server site in case the client redirect
method fails (e.g. due to ignoring javascript or meta headers). Is there
a sure fire way to redirect to non-secure after successful login?

thanks in advance
Axel

 

[Toni]

Hi

This is a standard asp question, (old site done with standard asp and vb) I did not
find an English speaking "plain asp" group;

I am trying to redirect on some (login) pages from https to http by using
Response.Redirect but it seems to always end up on https pages. The other way around
(http to https) works fine. What could cause such a behavior? Maybe some global switch
in global.asa? Or cookies set by the secure page? Its really weird.

I am considering doing the redirect client side but I don't want the whole page to
load and then to the redirect as its slooow. OTOH I am scared of cutting the page
short server site in case the client redirect method fails (e.g. due to ignoring
javascript or meta headers). Is there a sure fire way to redirect to non-secure after
successful login?

thanks in advance
Axel

Instead of response.redirect, use Response.AddHeader
<%
' strURL = URL you want to redirect to
strURL = http://www.UrlRedirect.com
Response.AddHeader ("Location", strURL)
Response.End
' rest of code goes here
%>

I've found that Response.AddHeader is much nicer and has a more predictable behavior
than response.redirect.
Although most would say it's not needed, I always place Response.End after any redirect
in case the redirect fails for any reason whatsoever (I'm just paranoid that way).

You might need the parenthesis around it if you are doing ASP.NET, they are not needed
in Classical ASP.

 

[George]

you code to set the return code to 302 or 301 for it to work
Response.StatusCode = 302

George.

 

[Axel]

Hi - I am still struggling can not make a server side redirect happen
from https to http.

I tried George's and also Toni's suggestion (see below). I always end up
on a https page again. Could it be something that the ISP enforces? In
the browser, I can follow links from https to http pages but the (server
side) redirect from https to http after successful login just simply
does not work for me - always stays in https!

After reading
http://www.4guysfromrolla.com/aspfaqs/ShowFAQ.asp?FAQID=72 (ADPFAQs.com)
and
http://www.somacon.com/p145.php (Permanent Redirect with HTTP 301)

Here is my final code - I also made sure not have ANY output before I
call the page. However some session variables are written (these are
needed to identify the user once he is logged on)

Function redirectNoSSL(sUrl)
Dim sNewURL
sNewURL = stripSSL(sUrl)
If Response.Buffer=True then
Response.Clear
Response.Buffer=False
End If

'Call Response.Redirect(sNewURL)
' instead of redirect!

Response.Status = "301 Moved Permanently"
Call Response.AddHeader ("Location", sNewURL)
End Function

(stripSSL works fine it just rewrites the (complete) passedf URL with
http: instead of https

any other suggestions.

 

[Axel]

I am still struggling can not make a server side redirect happen from

And you're still in the wrong newsgroup...

please post ASP Classic questions to:
microsoft.public.inetserver.asp.general

thanks Mark, I will take it there again (I was just encouraged by the
answers on this group; there was lot less feedback on there, but I guess
its a difficult enough question which might be environment dependant)