  1. #1
    Join Date
    Sep 2002
    Location
    Illinois
    Posts
    2,304

    Secure form submit problem

    Hi folks,

    Here is a problem that I have with secure form.

    I have SSL cert installed for secure.domain.com.

    There is a file called login.php which you can call by going to

    https://secure.domain.com/login.php

    That php script shows the login form.

    Here is a form tag that I have in that form

    Code:
    <form name="login_frm" method="POST" action="https://secure.domain.com/login.php">

    When I press the submit button, browsers would redirect me to

    http://secure.domain.com/login.php not https://secure.domain.com/login.php

    and of course I get 404 not found page.

    Does anyone have an idea what is wrong?

    Thanks
    How's my programming? Call 1-800-DEV-NULL

  2. #2
    I am doing something very similar with no problems. As far as I can remember, I am using PHP_SELF instead of an absolute URL.

  3. #3
    Join Date
    Jul 2003
    Location
    Kuwait
    Posts
    5,099
    If this happens on IE, could be because of a bad patch that is known to cause problems with forms and SSL.
    In order to understand recursion, one must first understand recursion.
    If you feel like it, you can read my blog
    Signal > Noise

  4. #4
    Join Date
    Apr 2004
    Location
    East Anglia, UK
    Posts
    79
    If this is the browser's fault, you can force the server to redirect to a secure connection using mod_rewrite (only if you are using Apache, of course).

    Check this excellent mod_rewrite resource.
    http://www.engelschall.com/pw/apache/rewriteguide/

  5. #5
    Join Date
    Sep 2002
    Location
    Illinois
    Posts
    2,304
    Originally posted by fyrestrtr
    If this happens on IE, could be because of a bad patch that is known to cause problems with forms and SSL.
    This happens in any browser.

    This is strange, since form tag has the secure address, and I don't use PHP_SELF.

    Maybe there is a problem with apache configuration?

    Thanks
    How's my programming? Call 1-800-DEV-NULL

  6. #6
    Join Date
    Apr 2004
    Location
    East Anglia, UK
    Posts
    79
    Is the browser going straight to the http:// page or is the server redirecting the https:// page to the http:// page?

  7. #7
    Join Date
    Sep 2002
    Location
    Illinois
    Posts
    2,304
    I go to https://secure.domain.com/login.php

    Submit the form, form tag is

    <form name="login_frm" method="POST" action="https://secure.domain.com/login.php">

    Browser then shows me 404 page with non secure address

    http://secure.domain.com/login.php
    How's my programming? Call 1-800-DEV-NULL

  8. #8
    Join Date
    Apr 2004
    Location
    East Anglia, UK
    Posts
    79
    Sorry, that doesn't really answer my question. You see, the browser could put a request to https://secure.domain.com/login.php, but in the header negotiation it gets redirected to http://secure.domain.com/login.php by the server, and this is the address it will show in the address bar. So what you need to find out is if the server is doing the redirecting.

    Take a packet dump or something, check the HTTP headers for 300 series codes, like Page Temporarily Moved etc.
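
The header check suggested in post #8, as an added example that is not part of the original thread: it parses the head of a captured HTTP response and reports whether the server itself sent the https:// request to an http:// address. The function names and the sample responses are constructed for illustration; only the login.php URLs come from the thread.

```python
from urllib.parse import urljoin, urlsplit

# 3xx codes that actually carry a Location redirect (304 Not Modified does not).
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response_head(raw):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def classify(request_url, raw_response):
    """Classify the server's answer to a request for request_url."""
    status, headers = parse_response_head(raw_response)
    if status not in REDIRECT_CODES or "location" not in headers:
        # The server answered directly; it did not send the browser elsewhere.
        return "no-redirect"
    # Location may be relative, so resolve it against the requested URL.
    target = urlsplit(urljoin(request_url, headers["location"]))
    if urlsplit(request_url).scheme == "https" and target.scheme == "http":
        return "server-downgrade"
    return "redirect-kept-scheme"

# Constructed sample responses, as they might appear in a capture.
FORM_URL = "https://secure.domain.com/login.php"
DOWNGRADE = ("HTTP/1.1 302 Found\r\n"
             "Location: http://secure.domain.com/login.php\r\n\r\n")
RELATIVE = "HTTP/1.1 302 Found\r\nLocation: /login.php\r\n\r\n"
DIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    for label, raw in (("downgrade", DOWNGRADE), ("relative", RELATIVE),
                       ("direct", DIRECT)):
        print(label, "->", classify(FORM_URL, raw))
```

A "server-downgrade" result for the POST to login.php points at the server side (Apache configuration or the PHP script) rather than the browser.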
