Issue with a secure login - Why am I being redirected to the insecure login?
Posted
by
mstrmrvls
on Server Fault
See other posts from Server Fault
or by mstrmrvls
Published on 2012-12-11T16:10:08Z
Indexed on
2012/12/11
17:07 UTC
Read the original article
Hit count: 196
Im having some issues getting a website working at my place of work. The issue was rasised when a "double login" occurred from the secure login site. The second login was actually being prompted by the HTTP domain and not HTTPS.
In essence the situation is like this:
- The user navigates to https://mysite.com/something
- The login prompt pops up
- Enter username and password
- The user is presented with ANOTHER login prompt (IE will say its insecure, and the address bar reflects that)
- If the user puts in their password the insecure one, they will login to the insecure site.
- if they hit cancel it will present them with a 401 page
- Navigating back to https://somesite.com/something will by pass the login prompt and log them in to the secure site automatically (cookie maybe)
I'm a bit confused to why the user isnt being logged in properly the first time (redirected to non-ssl) but any consecutive login will be okay? I've been trying to use fiddler to see what is happening after the user puts in their password the first time and trying to get fiddler to automatically login to the site (with no luck)
I believe the website in question is using Basic Digest authentication.
Thanks for any help
© Server Fault or respective owner