HSBC CPI Integration - Ecommerce forum at WebmasterWorld - WebmasterWorld

Forum Moderators: buckworks

Message Too Old, No Replies

HSBC CPI Integration

switching between http and https

mike_q

6:30 am on May 18, 2007 (gmt 0)

10+ Year Member

Hi guys,
I am using a HSPC CPI payment integration in asp. As by the CPI requirement , the thankyou page(i.e the page in our site where the user will be returned to after completing the transaction in HSBC secured server) should be in secured channel (https).
but when the user returned to the thankyou page it is https, but when the user click for eg, "about us" menu, the browser still in https. i found the following code in net to switch between https and http.

Response.Buffer = True
If (Request.ServerVariables("HTTPS") = "on") Then
Dim xredir__, xqstr__

xredir__ = "http://" & Request.ServerVariables("SERVER_NAME") & _
Request.ServerVariables("SCRIPT_NAME")
xqstr__ = Request.ServerVariables("QUERY_STRING")

if xqstr__ <> "" Then xredir__ = xredir__ & "?" & xqstr__

Response.redirect xredir__
End if

i put this code in the start of the thankyou page, but after this, when completing the transaction in HSBC server, the browser displays message window saying "you are about to redirect a that is not a secure yes/no"

We are running still in test mode. Is ther anyother better solution for this? because HSBC may not accept this when we go live.

ectect

6:53 am on May 18, 2007 (gmt 0)

10+ Year Member

A simple fix would be to make all links on the thanks page absolute and pointing to http://....

[edited by: lorax at 2:35 pm (utc) on May 18, 2007]

rocknbil

7:12 am on May 18, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

You don't want to do an actual redirect on the thank you page. What you want to do is change the links on that thank you page to non-https. Simply put the full url in the links on the thank you page: http://www.example.com/about.html. If the page is output dynamically, use the HTTPS environment variable to as you already have to construct full URL links - not do a redirect.

Edit: what he/she said (simul-post :-D)

mike_q

9:20 am on May 18, 2007 (gmt 0)

10+ Year Member

thanks for your quick reply guys.
but, they are using asp header and footer files. the menus and the links are in the header files. i am trying not to change anyother file except thankyou.asp since site is going live soon. And as i told about HSBC, i am not sure about whether they would allow http "redirect" in the thankyou page, anybody know about this?

ytswy

3:00 pm on May 18, 2007 (gmt 0)

10+ Year Member

Unless I'm missing something, if clicking a link on the https thankyou page is taking you to a https page, then presumably anyone who enters the secure portion of your site will be stuck thereafter in https for every page?

If so then I think you need to solve the problem generally, not just for the thankyou page - eg by using absolute links to non-secure pages as suggested.

LifeinAsia

3:36 pm on May 18, 2007 (gmt 0)

WebmasterWorld Administrator

10+ Year Member

Top Contributors Of The Month

but, they are using asp header and footer files.

What we did in a similar situation is have a variable set in the header/footer files to use HTTP or HTTPS. HTTP is the default, unless a varaible is passed telling the template to use HTTPS.

So your choices are:
A) Modify the header/footer files as above, or
B) Write a self-contained Thank You page with the links hard coded.

rocknbil

6:24 pm on May 18, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

i am trying not to change anyother file except thankyou.asp since site is going live soon. And as i told about HSBC, i am not sure about whether they would allow http "redirect" in the thankyou page, anybody know about this?

The question of whether they allow it is probably less relevant, as you saw your most important issue is the customer's impression when they hit that page - it throws up an insecure warning, which average users probably don't understand and will interpret as "bad," even though it's not.

thankyou.asp is only used upon return of a sale, is it not? Even if it's also used for contact forms or other thank-you situations - just change the links in it to full url's without http. Copy and paste the asp footers directly into the document.