Forum OpenACS Q&A: Re: How to stay in http: after i register in https:????

Posted by C. R. Oldham on

What we did was to patch acs-subsite/www/register/index.tcl to redirect to our homepage on non-ssl. It's like a 2 line patch at the top of index.tcl:

if {![info exists return_url]} {
    # cro 2002-04-30
    # Make sure we return to the non-SSL homepage
    set return_url "[ad_url]/"
}

Unfortunately this will probably cause the user to see a dialog box that says "you are being redirected to a non-secure site" or some such. We haven't gone live with our 4.6 site yet so we haven't really decided how to handle this. You can

  1. live with it, or
  2. do some JavaScript manipulation that can avoid this. I don't know exactly what that is or how hard it will be to make it work with every browser. Or
  3. add another page that says "you are now registered or logged in, click here to go back to where you were" so the user does the navigation instead of the server causing a browser redirect.

3: Double redirecting (response to 2)
Posted by Titi Ala'ilima on
The way I accomplished this was by double-redirecting, i.e. forcing all URLs (except for things which would be included/in-lined e.g. images, scripts, and style-sheets) to HTTP unless they were explicitly forced to HTTPS.  The force to HTTPS is done with a filter registered to whatever nodes you specified in the RestrictToHttps parameter, so I modified the filter to mark ad_conn if it passed without redirecting and then added a second filter registered to all URLs, with a later priority to redirect all HTTPS connections not previously marked to HTTP.  To exclude images and the like from redirection, I added a third filter for all relevant extensions (gif, jpeg, css, js, etc.) which marked ad_conn, and gave it a priority between the other two filters.  One unfortunate thing is that image loading is slower on HTTPS pages due to encryption, but you could speed that up by explicitly calling HTTP

E-mail me if you'd like to see the actual code.
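
A model of the three-filter ordering described in the post above, as an added example that is not part of the original thread and is not OpenACS code. Plain Python stands in for the Tcl filters; the path patterns, priority numbers and host name are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed values: the thread names RestrictToHttps but not its contents.
RESTRICT_TO_HTTPS = ["/register/*", "/admin/*"]
ASSET_EXTENSIONS = (".gif", ".jpeg", ".css", ".js")

def force_https(req):
    # Filter 1: restricted nodes go to HTTPS; if already there, mark the request.
    if not any(fnmatch(req["path"], p) for p in RESTRICT_TO_HTTPS):
        return None
    if req["scheme"] == "http":
        return "https"
    req["marked"] = True  # passed without redirecting
    return None

def mark_assets(req):
    # Filter 2: in-lined resources keep the scheme of the page that loads them.
    if req["path"].lower().endswith(ASSET_EXTENSIONS):
        req["marked"] = True
    return None

def force_http(req):
    # Filter 3: any HTTPS request that no earlier filter marked returns to HTTP.
    if req["scheme"] == "https" and not req.get("marked"):
        return "http"
    return None

# (priority, filter); lower numbers run first. The numbers are hypothetical.
FILTERS = [(100, force_https), (200, mark_assets), (300, force_http)]

def route(scheme, path, filters=FILTERS, host="example.test"):
    # Return the redirect URL for a request, or None if it is served as-is.
    req = {"scheme": scheme, "path": path}
    for _, flt in sorted(filters, key=lambda f: f[0]):
        target = flt(req)
        if target:
            return f"{target}://{host}{path}"
    return None

def redirect_hops(scheme, path, filters=FILTERS, limit=5):
    # Follow redirects until the request settles; reaching limit means a loop.
    hops = 0
    while hops < limit:
        url = route(scheme, path, filters)
        if url is None:
            return hops
        scheme = url.split("://")[0]
        hops += 1
    return hops
```

Running the catch-all filter before the HTTPS filter makes a restricted page bounce between schemes until `limit` is reached, and running the asset filter last sends images on HTTPS pages back to HTTP.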