Forum OpenACS Q&A: Re: Secure Vs. Insecure locations

Collapse
Posted by Richard Hamilton on
Just a follow up to this thread. I think that OpenACS 4.6 is behaving slightly differently.


If I login under http as Site Wide Administrator and then select the 'Site Wide Admin' link on the default Main Site page the redirect to https:// is screwy :


https://www.server4.com:8446/acs-admin/www.server4.com/register/index?return_url=%2facs%2dadmin%2f%3f

Seems to be adding the Url stub inappropriately. If I log in under https the redirect is fine (I remember reading that this is a token issuing anomaly). Can anyone confirm that restricting the login page to https is the only answer.
Thank you

Richard

Collapse
Posted by Richard Hamilton on
Another little anomaly with https:
With 'register/*' restricted to httpS.
If a user has logged in under httpS but then visits a static page under http and selects 'Your Workspace' from the context menu and then selects 'Log Out', the redirect URL for the registration page comes up as :
https://www.server4.com:8446/register/www.server4.com/

Where is this extra www.server4.com coming from and can I prevent it?
Thanks

Richard