Many sites might have a SSL cert that is named something besides www.example.com. This patch allows the subdomain of the SSL site to be different than the subdomain of the main site.

Like:
normal site secure site
http://www.example.com https://superduper.example.com
http://www.example.com https://ssl.example.com
http://www.example.com https://checkout.example.com

Comments

davea’s picture

StatusFileSize
new4.32 KB

Here is an update. Removing the syslog entries as you requested. Your request about adding the SESSIONID in the URL is not included in this update.

davea’s picture

After doing some research, it seems that passing the SESSIONID in the URL is not secure and can lead to session hijacking. Including this feature would be a REAL security problem.

However, I will say that I have been running this on several sites now and it works well. I can update the patch for the latest version. Gordon?

Dave

grendzy’s picture

Status: Active » Closed (won't fix)

The 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.