On 12/15/06, Foster, Stephen (ASPIRE) <[EMAIL PROTECTED]> wrote:
hi joshua,
sorry i should have been more specific. Its not actually our app but an
authentication plug-in and backend that changes the URI and then passes back to
the browser. There may be a bug in it that its capturing the incoming URL and
not able to re-write it to https before passing back. This is being
investigated by the provider but in the meantime i would like to re-write the
URI to the proper secure method.
does that make sense?
Sort of. But it is hard to tell where your authentication plug-in is
acting here. What I would do is simply tack a ? on the end of the URL
when redirecting from HTTP to HTTPS. This will eliminate the query
string and hopefully force your plug-in to recreate it. And it also
has the benefit of making sure your don't accidentally have people
submit sensitive information in the query string to the non-secure
server.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
