https://community.cisco.com/t5/application-networking/ace-keep-user-on-ssl-only-if-logged-in/m-p/1324109#M27482 <HTML><HEAD></HEAD><BODY><P>ACE has no knowledge about what happened in a previous connection.</P><P>All you can do is inspect the header of the new http request and identify some information which could identify if the user is logged in or not.</P><P>For example, if the server sets a particular cookie when the client is logged in, you can check the presence of this cookie to determine if the client is connected and send the redirect to https.</P><P></P><P>BUT, since the client will potentially keep the same cookie, even if he logs out, then ace will continue redirecting the client to https.</P><P></P><P>Only the server has the complete knowledge of the client state.</P><P>So the redirect should come from the server. </P><P></P><P>Gilles.</P></BODY></HTML> Thu, 30 Jul 2009 12:19:30 GMT Gilles Dufour 2009-07-30T12:19:30Z https://community.cisco.com/t5/application-networking/ace-keep-user-on-ssl-only-if-logged-in/m-p/1324108#M27481 <P>Hi everyone</P><P></P><P>We have a complicated scenario which we need to achieve using the ACE4710. This is what we want to achieve:</P><P></P><P>1) User browses to site <A class="jive-link-custom" href="http://www.site.com" target="_blank">http://www.site.com</A>.</P><P></P><P>2) User logs in and login is posted to secure path <A class="jive-link-custom" href="https://www.site.com/myaccount." target="_blank">https://www.site.com/myaccount.</A></P><P></P><P>3) Once the user is logged in, all subsequent requests to <A class="jive-link-custom" href="http://www.site.com/" target="_blank">http://www.site.com/</A>* need to be redirected to <A class="jive-link-custom" href="https://www.site.com/" target="_blank">https://www.site.com/</A>*. In other words, once the user has accessed /myaccount within the session, all further requests must be SSL, no matter which page on the site they are on.</P><P></P><P>Is this possible with the ACE?</P><P></P><P>Thanks</P> Thu, 30 Jul 2009 05:12:02 GMT https://community.cisco.com/t5/application-networking/ace-keep-user-on-ssl-only-if-logged-in/m-p/1324108#M27481 osiristrading 2009-07-30T05:12:02Z https://community.cisco.com/t5/application-networking/ace-keep-user-on-ssl-only-if-logged-in/m-p/1324109#M27482 <HTML><HEAD></HEAD><BODY><P>ACE has no knowledge about what happened in a previous connection.</P><P>All you can do is inspect the header of the new http request and identify some information which could identify if the user is logged in or not.</P><P>For example, if the server sets a particular cookie when the client is logged in, you can check the presence of this cookie to determine if the client is connected and send the redirect to https.</P><P></P><P>BUT, since the client will potentially keep the same cookie, even if he logs out, then ace will continue redirecting the client to https.</P><P></P><P>Only the server has the complete knowledge of the client state.</P><P>So the redirect should come from the server. </P><P></P><P>Gilles.</P></BODY></HTML> Thu, 30 Jul 2009 12:19:30 GMT https://community.cisco.com/t5/application-networking/ace-keep-user-on-ssl-only-if-logged-in/m-p/1324109#M27482 Gilles Dufour 2009-07-30T12:19:30Z