Can my software application maintain state when switching from normal HTTP (non-secure) protocol to HTTPS (secure) protocol?

When you change from HTTP to HTTPS, any cookies or client variables you are using with one protocol will not be recognized from one state to the next. Since the web server views activity under each different protocol as completely different user sessions, it does not maintain variable state between the two different protocols. This is true whether you use a shared or dedicated SSL certificate. It is best to use HTTP protocol for most user activity and only switch to HTTPS for sensitive data gathering. Then after receiving the data provide a deliberate and compelling hyperlink that takes the user back to HTTP protocol.


Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 2253