Databases
StackOverflow2013
Postsdbo
POAvoiding SSL "You are about to be redirected to a connection that is not secure." message
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAvoiding SSL "You are about to be redirected to a connection that is not secure." message
    text
    copied!<p>I have a login screen which I'm serving over SSL. The user fills in their login/password, this gets POSTed to the server. At this point I want to jump out of SSL, so I redirect them back to the same page with no SSL.</p> <p>This causes the browser to show a warning dialog "You are about to be redirected to a connection that is not secure". How can I avoid this? I've been plenty of sites like yahoo mail, and gmail that give you an SSL page for login, then send you to a non-SSL page after this.</p> <p>Secondary question: what's the purpose of this dialog? It's trying to warn me about some nefarous purpose - but what's so bad about redirecting someone to a non-SSL page? I don't get a warning when I'm on an SSL page and click a non-SSL link. What's different about redirecting someone?</p> <p>I'm doing this in ASP.NET 2.0 - but I figure this is a generic web-dev question.</p> <p><strong>UPDATE SUMMARY</strong>: It seems the popular answer is "DON'T AVOID IT". I can understand that a user should get a message when security it being removed. But I don't get a dialog when I follow a link and security is removed, so at the very least I'd say this is inconsistent.</p> <p>The dialog / browser versions. I actually don't see the dialog in IE7/FF3 (maybe I've clicked a checkbox preventing it). More importantly the client DOES see it in IE6 - with no checkbox to remove it (yes, I know IE6 is old and crap). </p> <p>Firefox2: <a href="http://img521.imageshack.us/img521/8455/sslwarning.jpg">FF2 http://img521.imageshack.us/img521/8455/sslwarning.jpg</a></p> <p>IE6: <a href="http://img188.imageshack.us/img188/139/sslwarningie6.jpg">IE6 http://img188.imageshack.us/img188/139/sslwarningie6.jpg</a></p> <p>The alternative: make the entire site SSL, never redirect the user out of SSL. I could handle that. But I've got a semi-technical client who has some fairly good points:</p> <ul> <li>"SSL is going to cause an increase in traffic / processing power". I don't really buy this, and I don't think his site is every going to require more than one box to serve it.</li> <li>"Yahoo does it. Yahoo is a big technical company. Are you smarter than Yahoo?"</li> </ul> <p>I'm going to try sway the client over to an entirely SSL site. I'll argue Yahoo's approach made sense in 1996, or for a site that is MUCH more popular. Some official links explaining why this dialog happens would help (i.e Jakob Nielsen level of authenticity).</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload