cancel
Showing results for 
Search instead for 
Did you mean: 

In out, in out, shake it all about

BoneMan
Grafter
Posts: 163
Thanks: 5
Registered: ‎01-08-2007

In out, in out, shake it all about

Guys,
        Could one of your web site team have a look at the number and cosistency of non-secure/secure (http/https) transitions please?
I have my browser set-up to alert whenever I transition from one to the other and since the revamp, the alerts are coming through thick and fast. I don't mind when they are genuine transitions but when they are "transients" it bugs me. For example, go into web mail and log off. The screen offers "Login again" or "Return to the member centre".  If you click the latter it says "Leaving secure area" and then immediately says "Entering secure area". Um, why  Shocked?
There's another inconsistency on the  main member centre page (https://portal.plus.net/index_nlp.html). If you click on "Webmail" on the left hand menu, it links to https://webmail.plus.net/; if you choose the Webmail option at the top right it points to http://portal.plus.net/general/webmail.html?home=email and you go through another (unecessary?) insecure/secure transition.
There's a whole bunch of  others too. I know that nobody's going to die because of these and maybe I have too much time on my hands but OTOH,  it comes across as unprofessional, IMVHO.
Regards,
Ray.
13 REPLIES
Wojtek
Newbie
Posts: 15
Registered: ‎11-04-2007

Re: In out, in out, shake it all about

Hello there Smiley
The reason for which different parts of the website are being served through either http or https protocol is very trivial, but also important: security. While our offer and general sales pages can be transmitted without the encryption switched on, this rule does not apply to the areas such as Member Centre (or other sections). The traffic there simply needs to be encoded.
Unfortunately, there is not much we could do about the "transitional" messages being displayed by your browser, if you have switched them on... If you'd like to walk around the website for a bit and use various systems throughout, you will encounter the protocol changes from http to https. We are sorry for all inconvenience.
Cheers
Wojtek
BoneMan
Grafter
Posts: 163
Thanks: 5
Registered: ‎01-08-2007

Re: In out, in out, shake it all about

Quote from: Wojtek
The reason for which different parts of the website are being served through either http or https protocol is very trivial, but also important: security. While our offer and general sales pages can be transmitted without the encryption switched on, this rule does not apply to the areas such as Member Centre (or other sections). The traffic there simply needs to be encoded.
Cheers
Wojtek

@Wojtek - OK I understand that but I am a member and only going around inside the Members' Centre (whilst logged in). That's part of the problem. Please have a look at the specific examples I provided. They are all whilst logged in to the Members' Centre; not generally surfing the whole site.
Regards,
Ray.
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: In out, in out, shake it all about

Every time you are "only going around inside the Members' Centre" you are actually authenticating on the server (unbeknown to you) every time you click you mouse.  I don't know how the PN authentication scheme works but it could be that you are authenticating on one server (which has an LDAP directory of users for example) and that allows you to continue your journey within the Memers' Centre.  Of course via cookies and TTL you do not have to re-enter your user login and password every single time, but your browser may well warn you about all this switching around between servers/pages.  The easiest solution is probably to change the setting on your browser to stop it warning you (in this case unnecessarily).
HTH.
BoneMan
Grafter
Posts: 163
Thanks: 5
Registered: ‎01-08-2007

Re: In out, in out, shake it all about

Good grief, no wonder the site is so slow if that's the case  Shocked. Also isn't LDAP a "Windows" thing? AFAIK the Community servers are on UNIX?
>>easiest solution is probably to change the setting on your browser to stop it warning you<< Um, no. I use secure sites frequently both inside the company fence and outside of it and at home.  None of them exhibit this behaviour. Also, much of this behaviour only started after the revamp  Sad. Why should I disable a useful feature because PlusNet website has not been constructed properly?
Regards,
Ray.
[Moderator's note by Barry Zubel: Please don't quote the previous post in full as per the link:rules ]
Community Veteran
Posts: 3,789
Registered: ‎08-06-2007

Re: In out, in out, shake it all about

Well, HTTP is generally "stateless" so each request for a page is not linked directly to the previous request so in very basic terms this is how all authenticated websites work.
LDAP is most definately NOT a Microsoft thing as per http://en.wikipedia.org/wiki/LDAP
Unfortunately, Microsoft use their own interpretation of LDAP in Active Directory which is less than standard Sad
I do agree with you that the items that you have mentioned aren't good though.  Certainly there should be uniformity with http:// and https:// when linking to items such as Webmail.  Perhaps one of the PN developers should turn on the notifications and try surfing around the website to see how much of an annoyance it is.
B.
Community Gaffer
Community Gaffer
Posts: 5,272
Thanks: 593
Fixes: 5
Registered: ‎04-04-2007

Re: In out, in out, shake it all about

I'll have a look at this today/tomorrow.
Kelly Dorset
Broadband Service Manager
Community Gaffer
Community Gaffer
Posts: 5,272
Thanks: 593
Fixes: 5
Registered: ‎04-04-2007

Re: In out, in out, shake it all about

Quote from: BoneMan
@Wojtek - OK I understand that but I am a member and only going around inside the Members' Centre (whilst logged in). That's part of the problem. Please have a look at the specific examples I provided. They are all whilst logged in to the Members' Centre; not generally surfing the whole site.

I think part of the issue here is that we try not to have pages over ssl if they don't need to be because it is more server intensive than a straight http request.  This means that while logged in, you end up moving in and out of https pages.
Kelly Dorset
Broadband Service Manager
Community Gaffer
Community Gaffer
Posts: 5,272
Thanks: 593
Fixes: 5
Registered: ‎04-04-2007

Re: In out, in out, shake it all about

Current feeling is that this is actually a problem, rather than by design.  I'm asking on our internal forums.  Undecided
Kelly Dorset
Broadband Service Manager
Community Gaffer
Community Gaffer
Posts: 5,272
Thanks: 593
Fixes: 5
Registered: ‎04-04-2007

Re: In out, in out, shake it all about

Quote from: BoneMan
There's another inconsistency on the  main member centre page (https://portal.plus.net/index_nlp.html). If you click on "Webmail" on the left hand menu, it links to https://webmail.plus.net/; if you choose the Webmail option at the top right it points to http://portal.plus.net/general/webmail.html?home=email and you go through another (unecessary?) insecure/secure transition.

What browser are you using?  I can see why the problem would happen, but I don't get the popups in FF3 with the warnings turned on.
Kelly Dorset
Broadband Service Manager
BoneMan
Grafter
Posts: 163
Thanks: 5
Registered: ‎01-08-2007

Re: In out, in out, shake it all about

Quote from: Kelly
What browser are you using? 

IE6 on W2K. Don't snigger  - it's still the company standard  Wink. However, I will also double check tonight at home with IE7 on XP , & FF3 on W2K and XP.
Thanks,
Ray.
MickKi
Grafter
Posts: 543
Registered: ‎30-09-2007

Re: In out, in out, shake it all about

MSIE6 is one of the most buggy browsers and its survival has defeated all reason.  It should have been taken out the back and shot as soon as MS brought it out and never allowed to breed no more!  Although this may not be a buggy browser related fault anyway, I feel better for venting.  Smiley
@Kelly,
I wonder if this is related to URL redirections that may have been set up in your .htaccess or in your server configs files, whereby you login into e.g. <www.plusnet.com> and then get redirected to <plusnet.com>.  The browser may then go through the authentication process once more (and, or warn about it).
Community Gaffer
Community Gaffer
Posts: 5,272
Thanks: 593
Fixes: 5
Registered: ‎04-04-2007

Re: In out, in out, shake it all about

No, it's clever code (oops, this page should be https but isn't so I'll redirect to https) combined with poor linking (this link should be https, but I've put http instead)
Kelly Dorset
Broadband Service Manager
BoneMan
Grafter
Posts: 163
Thanks: 5
Registered: ‎01-08-2007

Re: In out, in out, shake it all about

Quote from: BoneMan
Quote from: Kelly
What browser are you using? 

However, I will also double check tonight at home with IE7 on XP , & FF3 on W2K and XP.
Thanks,
Ray.

Just to confirm, the problem does seem to be IE specific. I can reproduce it with IE6 on W2K and XP, also with  IE7 on XP. FF3 seems to be immune.
Regards,
Ray.