#1
https -> http notification
I have a login box on my http page, but when the user enters their information, I send it to a php page for authentication - this page is https so that the passwords aren't broadcast in the clear. At the end of this page I have a php header that returns to the referring page with the authentication values set.
Everything works great, but there is this annoying message window that pops up telling the user that they are leaving a secure page. The user really doesn't even know that they have visited a secure page. Is there any way to avoid this or is this simply controlled by the browser?
#2
If there were then it would be even easier to hack pages. Just put a disclaimer on your login page for those few people who even notice what they click on.
__________________
Left DevShed May 28, 2005. Reason: Unresponsive administrators. Free code: http://sol-biotech.com/code/. Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html. Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html. It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Me, I just made it up The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw
#3
Just a thought!
Why don't you try to open a new larger browser (which covers the old browser) with the new unsecure URL that has the hashed authentication session id set and then close the old browser. I never tried this; as a result I don't know if it will work for you. Let me know how you make out...
#4
If your session ID is valid across all of the user's open browsers once a user is authenticated, when the user clicks the login link you can pop up a secure window where they need to enter their user ID and passwords. After the user is authenticated you can close the secure browser, thus leaving the session id with the original unsecured browser. I vaguely recall that you "may be able to" configure the scope of a session id.
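
An added example, not code from any poster in this thread: the login handler described in post #1, written so that it returns to the referring page over https and scopes the session cookie with the Secure flag, which means no https -> http transition takes place after login. The host name, the user table and the form field names are constructed assumptions.

```php
<?php
// Added example, not code from the thread. Requires PHP 8.
// SITE_HOST, the user table and the field names are constructed placeholders.
declare(strict_types=1);

const SITE_HOST = 'www.example.com';

// Constructed sample user store; a real site would query its database.
function check_credentials(string $user, string $pass): bool
{
    static $users = null;
    $users ??= ['alice' => password_hash('constructed-sample', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Reduce the Referer to a path on our own host; anything else becomes "/".
function safe_return_path(string $referer): string
{
    $parts = parse_url($referer);
    if (!is_array($parts)) {
        return '/';
    }
    if (isset($parts['host']) && strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return '/';
    }
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || str_starts_with($path, '//') || str_contains($path, '\\')) {
        return '/';
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // "Scope" of the session cookie: Secure means it is never sent over http.
    session_set_cookie_params(['path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    $user = (string)($_POST['user'] ?? '');
    if (check_credentials($user, (string)($_POST['pass'] ?? ''))) {
        session_regenerate_id(true);   // fresh ID after login (anti-fixation)
        $_SESSION['user'] = $user;
    }
    // Return to the referring page, but on https, so no https -> http hop occurs.
    $back = safe_return_path((string)($_SERVER['HTTP_REFERER'] ?? '/'));
    header('Location: https://' . SITE_HOST . $back, true, 303);
    exit;
}
```

Because the cookie carries the Secure flag, pages that need the logged-in session must also be served over https.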