If I redirect a logged-in user to a non-SSL page on my website:
    Response.Redirect("http://www.mysite.com/page.aspx");

But the master page has the code:

    if (IsLoggedIn)
        ForceSSL();

Which redirects the user to:

    Response.Redirect("https://www.mysite.com/page.aspx");

Between the redirect, and then the second redirect, is there any unsecured data transmitted from the client to the server?
The initial request to http://www.mysite.com will send any cookies associated with the domain, but there shouldn’t be any if you do all of your traffic on https://www.mysite.com (assuming your cookies are set to secure only).
Edit:
Missed the part about being logged in… if the site’s using the standard forms authentication, you’d want to do something like this in the web.config and it should take care of that for you (requireSSL):
Edit #2:
I was curious if you could force this at a site level for all cookies (without forms authentication), and it looks like you can by adding this to the config file:
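
For reference, a web.config fragment showing the two settings this answer names, written here as an added example and not taken from the original post. The `loginUrl` value is a constructed placeholder.

```xml
<configuration>
  <system.web>

    <!-- Forms authentication: requireSSL="true" marks the auth ticket
         cookie as Secure, so the browser does not attach it to the
         plain http:// request that precedes the redirect to https://. -->
    <authentication mode="Forms">
      <!-- loginUrl is a placeholder for this example -->
      <forms loginUrl="~/login.aspx" requireSSL="true" />
    </authentication>

    <!-- Site-level default: cookies issued through ASP.NET's HttpCookie
         get the Secure attribute unless code explicitly overrides it.
         This applies without forms authentication as well. -->
    <httpCookies requireSSL="true" />

  </system.web>
</configuration>
```

Any cookie issued without the Secure attribute is still sent in clear text on the first http:// request, so check the `Set-Cookie` headers in the browser's developer tools after changing the config.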