How to redirect from HTTPS to HTTP without annoying error messages

Question

I want to redirect users, after HTTPS login, to the HTTP pages on the site. Using HTTPS for the whole site is not going to happen.

What I have so far is the following:

1. User posts the login form to the secure site
   • The secure server validates the credentials
   • The secure server sends a 302 redirect to the client

This works, except on my machine in IE6 the user gets an error message because the default is to warn when exiting a secure page. These errors are a usability killer for me and thus a showstopper. I changed it so that step 3 is

• Server sends html code with a meta refresh

But this is very slow; even on my local machine it's noticeably slower than doing the 302 redirect.

Is there a better way to accomplish the goal of a hassle-free redirection on standard settings that people use? IE6 represents 20%-25% of our traffic. Also, does anyone have any good info about which browsers will warn and which won't warn for the 302 redirect? I am considering black-listing IE6 so that only it gets the slow meta refresh and everyone else gets the fast 302.

Answer 1

Reviving an old topic , but to make it compelete posting the following so other devs can have a choice of implementation

One way of moving bettween https to http without a warning message is to use client redirect using javascript.

Steps

1. User enters login details on a https form and click on login button
2. login button will post back to https form for login validation ( assuming login is correct) will redirect to a holding page which is also under https and displays the message ( please wait while the site redirects you)
3. This holding page does a javascript redirect to the http page

no browser warning message will be displayed

HTH