Forum OpenACS Q&A: Re: Secure Vs. Insecure locations

18: Re: Secure Vs. Insecure locations (response to 1)

Posted by Richard Hamilton on 12/12/02 05:23 PM

Just a follow up to this thread. I think that OpenACS 4.6 is behaving slightly differently.

If I login under http as Site Wide Administrator and then select the 'Site Wide Admin' link on the default Main Site page the redirect to https:// is screwy :

https://www.server4.com:8446/acs-admin/www.server4.com/register/index?return_url=%2facs%2dadmin%2f%3f

Seems to be adding the Url stub inappropriately. If I log in under https the redirect is fine (I remember reading that this is a token issuing anomaly). Can anyone confirm that restricting the login page to https is the only answer.
Thank you

Richard

19: Re: Secure Vs. Insecure locations (response to 18)

Posted by Richard Hamilton on 12/12/02 06:14 PM

Another little anomaly with https:
With 'register/*' restricted to httpS.
If a user has logged in under httpS but then visits a static page under http and selects 'Your Workspace' from the context menu and then selects 'Log Out', the redirect URL for the registration page comes up as :

https://www.server4.com:8446/register/www.server4.com/

Where is this extra www.server4.com coming from and can I prevent it?
Thanks

Richard